Algorithmic Model Theory (SS 2010)

Algorithmic Model TheorySS 2010

Prof. Dr. Erich Grädel

Mathematische Grundlagen der InformatikRWTH Aachen

cbndThis work is licensed under:http://creativecommons.org/licenses/by-nc-nd/3.0/de/Dieses Werk ist lizenziert unter:http://creativecommons.org/licenses/by-nc-nd/3.0/de/

© 2013 Mathematische Grundlagen der Informatik, RWTH Aachen.http://www.logic.rwth-aachen.de

http://creativecommons.org/licenses/by-nc-nd/3.0/de/

http://creativecommons.org/licenses/by-nc-nd/3.0/de/

http://www.logic.rwth-aachen.de

Contents

1 The classical decision problem for FO 11.1 Basic notions on decidability . . . . . . . . . . . . . . . . . . . 21.2 Trakhtenbrot’s Theorem . . . . . . . . . . . . . . . . . . . . . . 81.3 Domino problems . . . . . . . . . . . . . . . . . . . . . . . . . 151.4 Applications of the domino method . . . . . . . . . . . . . . . 19

2 Finite Model Property 272.1 Ehrenfeucht-Fraïssé Games . . . . . . . . . . . . . . . . . . . . 272.2 FMP of Modal Logic . . . . . . . . . . . . . . . . . . . . . . . . 302.3 Finite Model Property of FO2 . . . . . . . . . . . . . . . . . . . 37

3 Descriptive Complexity 473.1 Logics Capturing Complexity Classes . . . . . . . . . . . . . . 473.2 Fagin’s Theorem . . . . . . . . . . . . . . . . . . . . . . . . . . 493.3 Second Order Horn Logic on Ordered Structures . . . . . . . 53

4 LFP and Infinitary Logics 594.1 Ordinals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 594.2 Some Fixed-Point Theory . . . . . . . . . . . . . . . . . . . . . 614.3 Least Fixed-Point Logic . . . . . . . . . . . . . . . . . . . . . . 644.4 Infinitary First-Order Logic . . . . . . . . . . . . . . . . . . . . 67

5 Modal, Inflationary and Partial Fixed Points 735.1 The Modal µ-Calculus . . . . . . . . . . . . . . . . . . . . . . . 735.2 Inflationary Fixed-Point Logic . . . . . . . . . . . . . . . . . . 765.3 Simultaneous Inductions . . . . . . . . . . . . . . . . . . . . . 815.4 Partial Fixed-Point Logic . . . . . . . . . . . . . . . . . . . . . 835.5 Capturing PTIME up to Bisimulation . . . . . . . . . . . . . . 86

6 Fixed-point logic with counting 936.1 Logics with Counting Terms . . . . . . . . . . . . . . . . . . . 946.2 Fixed-Point Logic with Counting . . . . . . . . . . . . . . . . . 956.3 The k-pebble bijection game . . . . . . . . . . . . . . . . . . . . 986.4 The construction of Cai, Fürer and Immerman . . . . . . . . . 100

7 Zero-one laws 1097.1 Random graphs . . . . . . . . . . . . . . . . . . . . . . . . . . . 1097.2 Zero-one law for first-order logic . . . . . . . . . . . . . . . . . 1117.3 Generalised zero-one laws . . . . . . . . . . . . . . . . . . . . . 115

1 The classical decision problem for FO

The classical decision problem for first-order logic was considered themain problem of mathematical logic by Hilbert and Ackermann and itsundecidability was shown by Church and Turing.

The Entscheidungsproblem is solved when we know a proce-dure that allows for any given logical expression to decide byfinitely many operations its validity or satisfiability. [. . . ] TheEntscheidungsproblem must be considered the main problemof mathematical logic.

(D. Hilbert and W. Ackermann, 1928)

We introduce the classical decision problem for first-order logic,for which we present three equivalent formulations. The importanceof the decision problem for first-order logic results from the fact thatfirst-order logic provides a framework to express almost all aspects ofmathematics.

Satisfiability: Construct an algorithm that decides for any given formulaof FO whether it has a model.

Validity: Construct an algorithm that decides for any given formula ofFO whether it is valid, i.e. whether it holds in all models where itis defined.

Provability: Construct an algorithm that decides for any given formulaψ of FO whether ⊢ ψ, meaning ψ is provable from the empty setof axioms in some formal system, e.g. sequential calculus.

Since ψ is satisfiable if and only if ¬ψ is not valid, satisfiability andvalidity are equivalent problems with respect to computability. Theequivalence with provability is a much more intricate result and in facta consequence of the following

1


Theorem 1.1 (Completeness Theorem (Gödel)). For any given set ofsentences Φ ⊆ FO(τ) and any sentence ψ ∈ FO(τ) it holds that

Φ |= ψ ⇐⇒ Φ ⊢ ψ ;

in particular ∅ |= ψ⇔ ∅ ⊢ ψ.

As a direct consequence we get the following

Theorem 1.2. The set of valid first-order formulae is recursively enu-merable.

1.1 Basic notions on decidability

In our formulation of the decision problem it was not precisely specifiedwhat an algorithm is. It was not until the 1930s that Church and Kleene ,Gödel and Turing provided a precise definition of an abstract algorithm.Their approaches are today known to be equivalent. We introduce theconcept of a Turing machine.

Definition 1.3. A Turing machine (TM) M is a 6-tupleM = (Q, Σ, Γ, q0, F, δ), where

• Q denotes a finite set of states,• Σ, Γ denote finite alphabets, where Σ is the working alphabet with

a special blank symbol ∈ Σ,• Γ ⊆ Σ \ is the input alphabet,• q0 ∈ Q denotes the initial state,• F ⊆ Q is the set of final states and• δ : (Q \ F)× Σ→ Q× Σ× −1, 0, 1 is the transition function.

A configuration is an element C = (q, p, w = w0w1 . . . wk) ∈ Q×N× Σ∗.The transition function δ induces a partial function on the set of allconfigurations

C 7→ Next(C),

where for δ(q, wp) = (q′, a, m), the successor configuration of Cis defined as Next(C) = (q′, p + m, w0 . . . wp−1awp+1 · · ·wk). A com-putation of the TM M on an input word x ∈ Γ∗ is a configuration

2


sequence

C0, C1, . . .

where C0 = C0(x) := (q0, 0, x) is the input configuration and Ci+1 =

Next(Ci) for all i.M halts on x if the computation of M on x is finite, i.e. ends in a

final configuration C f = (q, p, w) with q ∈ F.The language accepted by M is

L(M) := x ∈ Γ∗ : M halts on x.

M computes a partial function fM : Γ∗ → Σ∗ with domain L(M)

such that fM(x) = y if and only if the computation of M on x ends in(q, p, y) for some q ∈ F, y ∈ Σ∗ and p ∈N.

Definition 1.4. A Turing acceptor is a Turing machine M with F =

F+ ·∪ F− where M accepts x if the computation of M on x ends in a statein F+. M rejects x if the computation of M on x ends in a state in F−.

Definition 1.5.

• L ⊆ Γ∗ is recursively enumerable (r.e.) if there exists a TM M withL(M) = L.

• L ⊆ Γ∗ is co-recursively enumerable (co-r.e.) if L := Γ∗ \ L is r.e..• A (partial) function f : Γ∗ → Σ∗ is (Turing) computable if there is a

TM M with fM = f .• L ⊆ Γ∗ is decidable if there is a Turing acceptor M such that for all

x ∈ Γ∗

x ∈ L⇒ M accepts x

x /∈ L⇒ M rejects x

or, equivalently, L is decidable if its characteristic functionχL : Γ∗ → 0, 1 is Turing computable.

Theorem 1.6. A language L ⊆ Γ∗ is decidable if and only if L is r.e.and co-r.e.

3


Definition 1.7. Let A ⊆ Γ∗, B ⊆ Σ∗. We say that A is (many-to-one)reducible to B, A ≤ B, if there is a total computable function f : Γ∗ → Σ∗

such that for all x ∈ Γ∗ we have x ∈ A⇔ f (x) ∈ B.

Lemma 1.8.

• A ≤ B, B decidable⇒ A decidable

• A ≤ B, B r.e. ⇒ A r.e.

• A ≤ B, A undecidable⇒ B undecidable.

There surely are undecidable languages since there are only count-ably many Turing machines but uncountably many languages. Un-fortunately, among these languages there are quite relevant classes oflanguages. For example we cannot even decide whether a TM halts ona given input.

Definition 1.9 (Halting Problems). The general halting problem is definedas

H := ρ(M)#ρ(x) : M Turing machine, x ∈ L(M)

where ρ(M) and ρ(x) are encodings of the TM M and the input x overa fixed alphabet 0, 1 such that the computation of M on x can bereconstructed from the encodings ρ(M) and ρ(x) in an effective way.

There is a universal TM U which, given ρ(M) and ρ(x), simulatesthe computation of M on x and halts if and only if M halts on x. Thus,L(U) = H from which we conclude that H is r.e..

We introduce two special variants of the halting problem

• Self-application problem

H0 := ρ(M) : ρ(M) ∈ L(M)

• Halting on the empty word

Hε := ρ(M) : ε ∈ L(M)

Theorem 1.10. H, H0, Hε are undecidable.

4


Proof.

• H0 is not co-r.e. and thus undecidable. Otherwise H0 = L(M0) forsome TM M0. Then

ρ(M0) ∈ H0 ⇔ M0 halts on ρ(M0)⇔ ρ(M0) ∈ H0.

• H0 is a special case of H, H0 ≤ H, and thus H is undecidable.

• We can reduce H to Hε, thus Hε is undecidable. q.e.d.

As a consequence of the next theorem we cannot algorithmicallyprove whether a program computes a given function, i.e. we cannotalgorithmically prove the correctness of a program. Note that thisdoes not mean that we cannot prove the correctness of a single givenprogram. Instead the statement is that we cannot do so algorithmicallyfor all programs.

Theorem 1.11 (Rice). Let R be the set of all computable functions andlet S ⊆ R be a set of computable functions such that S = ∅ and S = R.Then code(S) := ρ(M) : fM ∈ S is undecidable.

Proof. Let ⇑ be the everywhere undefined function, i.e. Def(⇑) = ∅.Obviously, ⇑ is computable. Assume that ⇑∈ S (otherwise considerR \ S instead of S. Clearly if code(R \ S) is undecidable then so iscode(S).)

As S = ∅, there exists a function f ∈ S . Let M f be a TM thatcomputes f , i.e. fM f = f . We define a reduction Hε ≤ code(S) bydescribing a total computable function ρ(M) 7→ ρ(M′) such that

M halts on ε⇔ fM′ ∈ S.

Specifically, given ρ(M), we construct the encoding of a TM M′ which,given an input x, proceeds as follows:

• first simulate M on ε (i.e. apply the universal TM U to ρ(M)#ε);

• then simulate M f on x (i.e. apply the universal TM U toρ(M f )#ρ(x)).

5


It is clear that the reduction function is computable. Furthermore,if M halts on ε then fM′ (x) = f (x) for all inputs x, i.e. fM′ = f , sofM′ ∈ S. If M does not halt on ε then M′ does not halt on x for any x,i.e. fM′ =⇑, so fM′ ∈ S. q.e.d.

Definition 1.12 (Recursive inseparability). Let A, B ⊆ Γ∗ be two disjointsets. We say that A and B are recursively inseparable if there exists norecursive set C ⊆ Γ∗ such that A ⊆ C and B ∩ C = ∅.

Example. (A, A) are recursively inseparable if and only if A is undecid-able.

Lemma 1.13. Let A, B ⊆ Γ∗, A ∩ B = ∅ be recursively inseparable. LetX, Y ⊆ Σ∗, X ∩ Y = ∅, and let f be a total computable function suchthat f (A) ⊆ X and f (B) ⊆ Y. Then X and Y are recursively inseparable.

Proof. Assume there exists a decidable set Z ⊆ Σ∗ such that X ⊆ Zand Y ∩ Z = ∅. Consider C = x ∈ Γ∗ : f (x) ∈ Z. C is decidable,A ⊆ C, B ∩ C = ∅, thus C separates A, B. q.e.d.

Notation: We write (A, B) ≤ (X, Y) if such a function f exists.

Example. (A, A) ≤ (B, B)⇔ A ≤ B.

As a preparation to prove Trakhtenbrot’s theorem, we consider arefinement of Hε

H+ε := ρ(M) : M accepts ε

H−ε := ρ(M) : M rejects ε

H∞ε := ρ(M) : the computation of M on ε is infinite

and does not cycle.

H+0 , H−0 , H∞

0 are defined analogously, with respect to self-application.

Theorem 1.14. H+ε , H−ε and H∞

ε are pairwise recursively inseparable.

Proof.

6


• (H+ε , H∞

ε ): We show that every set C with H+ε ⊆ C and H∞

ε ∩ C =

∅ is undecidable by reducing the halting problem Hε to C. Definethe function ρ(M) 7→ ρ(M′) as follows. From a given code ρ(M)

construct the code of a TM M′ that simulates M and simultaneouslycounts the number of computation steps since the start. If M halts(accepting or rejecting), M′ accepts.

It is clear that the reduction function is computable. If M halts on ε

then M′ halts on ε as well and accepts, so ρ(M′) ∈ H+ε ⊆ C. If M

does not halt on ε then M′ does not halt either, so ρ(M′) ∈ H∞ε

and as H∞ε ∩ C = ∅, we have ρ(M′) ∈ C.

• The statement for H−ε and H∞ε is proven analogously.

• (H−ε , H+ε ): Show that (H−0 , H+

0 ) ≤ (H−ε , H+ε ) and that (H−0 , H+

0 )

are recursively inseparable.

– (H−0 , H+0 ) ≤ (H−ε , H+

ε ):

For a given input TM M construct a TM M′ that ignores itsown input and simulates M on ρ(M). Obviously, M′ can beconstructed effectively, say by a computable function h. Nowh(M) accepts ε iff M accepts ρ(M) and h(M) rejects ε iff Mrejects ρ(M).

– (H−0 , H+0 ) recursively inseparable:

Assume there exists a decidable C with H−0 ⊆ C and H+0 ⊆ C.

Consider a machine M0 that decides C. There are two cases:

(1) M0 accepts ρ(M0). Then ρ(M0) ∈ C by definition of M0.Then ρ(M0) ∈ H+

0 by definition of C. On the other hand,if M0 accepts ρ(M0) then ρ(M0) ∈ H+

0 (by definition ofH+

0 ), a contradiction.

(2) M0 rejects ρ(M0). Then ρ(M0) ∈ C by definition of M0.Then ρ(M0) ∈ H−0 by definition of C. On the other hand,if M0 rejects ρ(M0) then ρ(M0) ∈ H−0 (by definition ofH−0 ), a contradiction.

q.e.d.

7


1.2 Trakhtenbrot’s Theorem

In the following, we consider FO, more precisely first-order logic withequality. We restrict ourselves to a countable signature

τ∞ := Rij : i, j ∈N ∪ f i

j : i, j ∈N

where Rij stands for a relation symbol of arity i and f i

j stands for afunction symbol of arity i.

We encode formulae over a fixed alphabet

Γ := R, f , x, 0, 1, [, ] ∪ =,¬,∧,∨,→,↔, ∃, ∀.(, ),

and uniquely encode the relational and functional symbols

relation symbols: Rij 7−→ R[bin i][bin j]

functional symbols: f ij 7−→ f [bin i][bin j]

variables: xj 7−→ x[bin j].

Thus, every formula ϕ ∈ FO is a word in Γ∗.Let X ⊆ FO be a class of formulae. We analyse the following

decision problems:

Sat(X) := ψ ∈ X : ψ has a model

Fin-sat(X) := ψ ∈ X : ψ has a finite model

Val(X) := ψ ∈ X : ψ is valid

Non-sat(X) := X \ Sat(X)

Inf-axioms(X) := Sat(X) \ Fin-sat(X)

= ψ ∈ X : ψ is an infinity axiom, i.e. ψ has a

model but no finite model.

Theorem 1.15. Let X ⊆ FO be decidable. Then

(1) Val(X) is r.e.(2) Non-sat(X) is r.e.(3) Sat(X) is co-r.e.

8


(4) Fin-sat(X) is r.e.(5) Inf-axioms(X) is co-r.e.

Proof. (1) ϕ is valid ⇔ ⊢ ϕ (Completeness Theorem). Thus we cansystematically enumerate all proofs and halt if a proof for ϕ islisted.

(2) ϕ valid⇔ ¬ϕ is not satisfiable.(3) Follows from Item (2).(4) Systematically generate all finite models and halt if a model of ϕ is

found.(5) FO \ Inf-axioms(X) = Non-sat(X) ∪ Fin-sat(X) is r.e. q.e.d.

Definition 1.16. A class X ⊆ FO has the finite model property (FMP) ifevery satisfiable ϕ ∈ X has a finite model, i.e. if Sat(X) = Fin-sat(X).

Theorem 1.17. Suppose that X ⊆ FO is decidable and that X has theFMP. Then Sat(X) is decidable.

Proof. Sat(X) is co-r.e. and since Sat(X) = Fin-sat(X) and Fin-sat(X) isr.e. also Sat(X) is r.e. Thus Sat(X) is decidable. q.e.d.

In this case also Fin-sat(X), Non-sat(X), Val(X) are decidable andof course Inf-axioms(X) = ∅ is decidable.

Theorem 1.18 (Trakhtenbrot). There is a finite vocabulary τ ⊆ τ∞

such that Fin-sat(FO(τ)), Non-sat(FO(τ)) and Inf-axioms(FO(τ)) arepairwise recursively inseparable and therefore undecidable.

The proof of Trakhtenbrot’s theorem introduces a proof strategythat can be applied in many other undecidability proofs. (Do not focuson the technicalities but on the general idea to construct the reductionformulae.)

Proof. Let M be a deterministic Turing acceptor. We show that there isan effective reduction ρ(M) 7→ ψM such that

(1) M accepts ε =⇒ ψM has a finite model.(2) M rejects ε =⇒ ψM is unsatisfiable.

9


(3) The computation of M on ε is infinite and non-periodic =⇒ ψM

is an infinity axiom.

Then the theorem follows by Lemma 1.13.Let M be a Turing acceptor with states Q = q0, . . . , qr, initial state

q0, alphabet Σ = a0, . . . , as (where a0 = ), final states F = F+ ∪ F−

and transition function δ.ψM is defined over the vocabulary τ = 0, f , q, p, w where 0 is a

constant, f , q, p are unary functions and w is a binary function. Definethe term k as f k0.

By constructing a formula we intend to have a model AM =

(A, 0, f , q, p, w) describing a run of M on the input ε where

• universe A = 0, 1, 2, . . . , n or A = N;• f (t) = t + 1 if t + 1 ∈ A and f (t) = t, if t is the last element of A;• q(t) = i iff M is at time t in state qi;• p(t) is the head position of M at time t;• w(s, t) = i iff symbol ai is at time t on tape-cell s.

Note that we cannot enforce this model, but if ψM is satisfiable thisone will be among its models.

ψM := START ∧ COMPUTE ∧ END

START := (q0 = 0∧ p0 = 0∧ ∀x w(x, 0) = 0).

[Enforces input configuration on ε at time 0]

COMPUTE := NOCHANGE∧ CHANGE

NOCHANGE := ∀x∀y(py = x → w(x, f y) = w(x, y))

[content of currently not visited tape cells does not change]

CHANGE :=∧

δ:(qi ,aj) 7→(qk ,aℓ ,m)

∀y(αi,j → βk,ℓ,m)

where

αij := (qy = i ∧ w(py, y) = j)

[M is at time y in state qi and reads the symbol aj]

βk,ℓ,m := (q f y = k ∧ w(py, f y) = ℓ ∧MOVEm)

10


and

MOVEm :=

p f y = py if m = 0

p f y = f py if m = 1

∃z( f z = py ∧ p f y = z) if m = −1.

END :=∧

δ(qi ,aj) undef.qi ∈F+

∀y¬αij

[The only way the computation ends is in an accepting state]

Remark 1.19.

• ρ(M) 7→ ψM is an effective construction.

• If M accepts ε, the intended model is finite and is indeed a modelAM |= ψM, thus ψM ∈ Fin-sat(FO(τ)).

• If the computation of M on ε is infinite, the intended model isinfinite and AM |= ψM.

It remains to show that if M rejects ε, then ψM is unsatisfiable, andif the computation of M on ε is infinite and aperiodic, then ψM is aninfinity axiom.

Suppose B = (B, 0, f , q, p, w) |= ψM.

Definition 1.20. B enforces at time t the configuration (qi, j, w) withw = ai0 . . . aim ∈ Σ∗ if

(1) B |= qt = i,

(2) B |= pt = j,

(3) for all k ≤ m, B |= w(k, t) = ik and for all k > m, B |= w(k, t) = 0.

Since B |= ψM, the following holds:

• B enforces C0 = (q0, 0, ε) at time 0 (since B |= START.)

• If B enforces at time t a non-final configuration Ct, then B enforcesthe configuration Ct+1 = Next(Ct) at time t + 1.

• Especially, the computation of M cannot reach a rejecting configu-ration. It follows that if M rejects ε, then ψM is unsatisfiable.

11


Consider an infinite and aperiodic computation of M, and assumeB |= ψM is finite. Since B is finite, it enforces a periodic computa-tion in contradiction to the assumption that the computation of Mis aperiodic.

C0 ⊢ . . . ⊢ Cr ⊢ . . . ⊢ Ct−1

We have shown:

• If M accepts ε, then ψM has a finite model.

• If M rejects ε, then ψM is unsatisfiable.

• If the computation of M is infinite and aperiodic, then ψM is aninfinity axiom. q.e.d.

We now know that the sets of all finitely satisfiable, all unsatisfiableand all only infinitely satisfiable formulae are undecidable for FO(τ)

where τ consists of only three unary functions and one binary function.This raises a number of questions.

(1) For which other vocabularies σ do we have similar undecidabilityresults for FO(σ)?

(2) For which σ is satisfiability of FO(σ) decidable?

(3) Is there a complete classification? In this case, we want to find min-imal vocabularies σ such that the above problems are undecidable,i.e. vocabularies such that any further restriction yields a class offormulae for which satisfiability is decidable.

We first define what it means that a fragment of FO is as hard forsatisfiability as the whole FO.

Definition 1.21. X ⊆ FO is a reduction class if there exists a computablefunction f : FO→ X such that ψ ∈ Sat(FO)⇔ f (ψ) ∈ Sat(X).

Let X, Y ⊆ FO. A conservative reduction of X to Y is a computablefunction f : X → Y with

• ψ ∈ Sat(X)⇔ f (ψ) ∈ Sat(Y), and

• ψ ∈ Fin-sat(X)⇔ f (ψ) ∈ Fin-sat(Y).

12


X is a conservative reduction class if there exists a conservative re-duction of FO to X.

Corollary 1.22. Let X be a conservative reduction class. ThenFin-sat(X), Inf-axioms(X) and Non-sat(X) are pairwise recursively insep-arable, and thus Fin-sat(X), Sat(X), Val(X), Non-sat(X), Inf-axioms(X)

are undecidable.

Proof. A conservative reduction from FO to X yields a uniform reduc-tion from Fin-sat(FO), Inf-axioms(FO) and Non-sat(FO) to Fin-sat(X),Inf-axioms(X) and Non-sat(X), respectively. q.e.d.

We now observe that we can indeed give a complete classificationof signatures σ such that FO(σ) is decidable.

Theorem 1.23. If σ ⊆ P0, P1, . . . ∪ f consists of at most oneunary function f and an arbitrary number of monadic relationsP0, P1, . . ., then Sat(FO(σ)) is decidable. In all other cases, Sat(FO(σ)),Inf-axioms(FO(σ)) and Non-sat(FO(σ)) are pairwise recursively insepa-rable, and FO(σ) is a conservative reduction class.

A full proof of this classification theorem is rather difficult. Inparticular, the decidability of the monadic theory of one unary function,which implies the decidability part, is a difficult theorem due to Rabin.On the other side, one has to show that Trakhtenbrot’s theorem appliesto the vocabularies

τ1 = E where E is a binary relation,τ2 = f , g where f , g are unary functions,τ3 = F where F is a binary function,

and hence to all extensions of τ1, τ2, τ3.Of course, we may also look at other syntactic restrictions besides

restricting the vocabulary. One possibility is to restrict the number ofvariables. This is only interesting for relational formulae. If we havefunctions, satisfiability is undecidable even for formulae with only onevariable as we shall see.

Define FOk as first-order logic with relational symbols only and afixed amount of k variables, say x1, . . . , xk.

13


Theorem 1.24.

• FO2 has the finite model property and is decidable (see Chapter 2).• FO3 is a conservative reduction class.

Another possibility is to restrict the structure of quantifier prefixes.

Definition 1.25 (Prefix-Vocabulary Classes). A string in ∀, ∃∗ is calledprefix, and an arity sequence is a sequence assigning all positive integersvalues in N∪ ω.

For any set of prefixes Π and any arity sequences p and f , [Π, p, f ]and [Π, p, f ]= denote the collection of all formulae ϕ ∈ FO in prenexnormal form without equality and with equality, respectively, such that

• the prefix of ϕ belongs to Π,• the number of n-ary predicate symbols in ϕ is at most p(n) and• the number of n-ary function symbols in ϕ is at most f (n).• Except for the logical constants true and false, ϕ has no nullary

predicate symbols, no nullary function symbols and no free vari-ables.

The prefix set containing all prefixes and the arity sequence that assignsω to each n will be denoted all.

We write arity sequences as tuples, e.g., (2, 1, ω), (0) to express thattwo predicate symbols of arity 1, one of arity 2, unboundedly many ofarity 3 and no other predicate or function symbols are allowed.

Theorem 1.26 (Gurevich). Let X be a prefix class, p, q two arity se-quences and X = [Π, p, q]=.

• X is a conservative reduction class if it contains any of

(1) [∀, (0), (2)]=(2) [∀, (0), (0, 1)]=(3) [∀2∃, (ω, 1), (0)]=(4) [∃∗∀2∃, (0, 1), (0)]=(5) [∀2∃∗, (0, 1), (0)]=.

• If X is contained in one of the following classes, then Sat(X) andInf-axioms(X) are decidable

14

1.3 Domino problems

(6) [∃∗∀∗, all, (0)]=(7) [∃∗, all, all]=(8) [all, (ω), (1)]=(9) [∃∗∀∃∗, all, (1)]=.

This gives a complete classification.

1.3 Domino problems

Domino problems are a simple and yet general tool for proving unde-cidability without talking about Turing machines.

The informal idea is the following: a domino (type) is an orientedsquare with unit length and coloured edges. We consider the followingdecision problem.

Given: a finite set of domino types (infinite supply of each).

Question: does there exist a tiling of N×N such that adjacentedges have the same colour?

The undecidability of the stated problem is established by encodingcomputations of Turing machines in an appropriate way. A row of thetiling represents a configuration of a Turing machine.

Definition 1.27. A domino system is a structure D = (D, H, V) with

• a finite set D,

• horizontal and vertical compatibility relations H, V ⊆ D× D.

The meaning of H and V is that

• (d, d′) ∈ H if the right colour of d is equal to the left colour of d′,

• (d, d′) ∈ V if the top colour of d is equal to the bottom colour of d′

(see Figure 1.1).

A tiling of N×N by D is a function σ : N×N→ D such that for allx, y ∈N

• (σ(x, y), σ(x + 1, y)) ∈ H and

• (σ(x, y), σ(x, y + 1)) ∈ V.

15


A periodic tiling of N×N by D is a tiling σ for which two integersh, v ∈N exist such that for all x, y ∈N it holds σ(x, y) = σ(x + h, y) =σ(x, y + v). The decision problem DOMINO is described as

DOMINO := D : there exists a tiling of N×N by D

a

b

c

d

c

•

•

•

•

•

•

b

Figure 1.1. Domino adjacency condition

An important variant is the origin constrained tiling.

Definition 1.28. An origin constrained domino system is a system (D, D0)

with D0 ⊆ D. A tiling with origin constraint D0 is a tiling σ such thatσ(0, 0) ∈ D0. The corresponding decision problem is

CORNER-DOMINO := (D, D0) : there exists a tiling of N×N

with origin constraint D0.

Theorem 1.29 (Wang, Büchi). CORNER-DOMINO is undecidable.

Proof. We reduce Hωε = ρ(M) : the computation of M on ε is infinite,

which is co-r.e., to CORNER-DOMINO.Consider a 1-tape TM M = (Q, Σ, q0, δ, F), and construct (D, D0)

such that the computation of M on ε is infinite if and only if there existsa tiling of N×N by D with origin constraint D0.

Assume w.l.o.g. that M never moves off-tape to the left, i.e. inconfigurations (q, 0, w) it is never the case that δ(q, w0) = (q′, a,−1).

16

1.3 Domino problems

D consists of the following domino types.

For each a ∈ Σ ↔

a

↔

a

For each (q, a) ∈ Q× Σ withδ(q, a) = (q′, a′, 0)

↔

(q′, a′)

↔

(q, a)

For each (q, a) ∈ Q× Σ withδ(q, a) = (q′, a′, 1), for eachb ∈ Σ

↔

a′

(q, a)

(q, a)

(q, a)

(q′, b)

↔

b

For each (q, a) ∈ Q× Σ withδ(q, a) = (q′, a′,−1) for eachb ∈ Σ

↔

(q′, b)

(q, a)

b

(q, a)

a′

↔

(q, a)

Additionally there existdominoes

⊢

(q0,)

↔0

⊥

↔0

↔0

⊥

The origin constraint D0 con-sists of

⊢

(q0,)

↔0

⊥

Note that (D, D0) can be constructed effectively from M.

There is precisely one way of tiling the first row:

17


⊢

(q0,)

↔0

⊥

σ(0, 0)

↔0

↔0

⊥

σ(0, i) for all i > 0

· · ·

Assume the first j rows have been tiled correctly. Then the top edge ofrow j reads

w0 . . . wi−1(q, wi)wi+1 . . .

for Cj = (q, i, w0, w1, . . .), the jth configuration of M on ε.This tiling can be extended to a tiling of row j + 1 if and only if

there exists Cj+1 = Next(Cj).Conclusion: The computation of M on ε is infinite if and only if

there exists a tiling of N×N by (D, D0). q.e.d.

Stronger forms of this result are the following

Theorem 1.30 (Berger, Robinson). DOMINO (without origin constraint)is co-r.e. and undecidable.

Theorem 1.31. The problem of tiling Z×Z is reducible to the problemof tiling N×N. (Proof via König’s Lemma).

Theorem 1.32. The set of domino systems admitting a periodic tilingof N×N, those that admit no tiling of N×N and those that admit atiling but not a periodic one are pairwise recursively inseparable.

Definition 1.33. A computable function f is a reduction from dominosystems to X if, for all domino systems D, f (D) = ϕD is in X and thefollowing holds:

• D admits a periodic tiling of N×N⇒ ψD has a finite model

• D admits no tiling of N×N⇒ ψD is unsatisfiable

• D admits a tiling of N×N but no periodic one⇒ ψD is an infinityaxiom.

18

1.4 Applications of the domino method

Remark 1.34. Let X ∈ FO. If there exists a reduction from dominosystems to X then X is a conservative reduction class.

Proof. Since Fin-sat(FO) and Non-sat(FO) are recursively enumerableand Inf-axioms(FO) is co-recursively enumerable, we can associate withevery first-order formula ψ a Turing machine M such that

• ψ ∈ Fin-sat(FO)⇒ ρ(M) ∈ H+ε ,

• ψ ∈ Non-sat(FO)⇒ ρ(M) ∈ H−ε ,

• ψ ∈ Inf-axioms(FO)⇒ ρ(M) ∈ H∞ε .

The proof of 1.32 reduces the halting problems H+ε , H−ε , H∞

ε , to thedomino problems. There exists a recursive function that associates withevery TM M a domino system D satisfying

• If M ∈ H+ε then D admits a periodic tiling of N×N.

• If M ∈ H−ε then D admits no tiling of N×N.

• If M ∈ H∞ε then D admits a tiling of N×N but no periodic one.

Finally, according to to the assumption, there is a reduction D 7→ϕD from domino systems to X Thus, the domino method yields aconservative reduction from FO to X.

q.e.d.


We now apply the domino method to obtain several reduction classes.

Theorem 1.35. [∀∃∀, (0, ω), (0)] is a conservative reduction class.

Proof. Due to Remark 1.34 it suffices to give a reduction from dominosystems to X, i.e. find a mapping D 7→ ψD over a vocabulary consistingof binary relation symbols (Pd)d∈D such that

(1) D admits a periodic tiling of N×N⇒ ψD has a finite model

(2) D admits no tiling of N×N⇒ ψD is unsatisfiable

(3) D admits a tiling of N×N but no periodic one⇒ ψD is an infinityaxiom

19


The intended model is N with intended interpretation of Pd =

(i, j) ∈N×N : τ(i, j) = d for all d ∈ D. We define ψD by

ψD := ∀x∃y∀z( ∧

d =d′Pdxz→ ¬Pd′xz

∧∨

(d,d′)∈H

(Pdxz ∧ Pd′yz) ∧∨

(d,d′)∈V

(Pdzx ∧ Pd′zy))

.

Obviously ψD is of the desired format, i.e. ψD ∈ [∀∃∀, (0, ω), (0)].

(1) If D admits a periodic tiling of N×N, then ψD has a finite model.Let τ : N×N→ D be a periodic tiling such that for some h, v ∈N

τ(x, y) = τ(x + h, y) = τ(x, y + v) for all x, y. Let t := lcm(h, v) bethe least common multiple of h and v. Then τ induces a tiling

τ : Z/tZ×Z/tZ→ D

with τ′(x, y) = τ(x( mod t), y( mod t)).Thus, A = (Z/tZ, (Pd)d∈D) with Pd = (i, j) : τ′(i, j) = d is afinite model (for x in ψD choose y := x + 1 (mod t) in ψD .)

(2) If ψD has a model, then D admits a tiling.

(3) We want to show: if ψD has a finite model, then D admits a periodictiling. (In the case that ψD is unsatisfiable, we show with the samearguments as in (1) that if D admits a tiling of N×N, then ψDhas a model A = (N, (Pd)d∈D).)

Let now ψD have a finite model. To show that if ψD has a (finite)model, then D admits a (periodic) tiling we consider the Skolem normalform ϕD of ψD :

ϕD := ∀x∀z(∧

d =d′Pdxz→ ¬Pd′xz

∧∨

(d,d′)∈H

(Pdxz ∧ Pd′ f xz) ∧∨

(d,d′)∈V

(Pdzx ∧ Pd′z f x).

• Suppose B = (B, f , (Pd)d∈D) |= ϕD . Define a tiling τ : N×N→D as follows: choose b ∈ B, and set τ(i, j) := d for the unique

20


d ∈ D such that B |= Pd( f ib, f jb) for all i, j ∈N. Since B |= ϕD , τ

is a correct tiling.

• Suppose that B |= ϕD is finite:

• •f bf

· · · · · · •

f

Choose b ∈ B such that, for some t ≥ 1, f tb = b. Then the definedtiling τ is periodic.

q.e.d.

Corollary 1.36. FO3 is a conservative reduction class.

Later we show that FO2 has the FMP.

Consider sets of formulae X ⊆ FO over functional vocabularies.FO(τ) is a conservative reduction class if τ contains

• two unary functions or

• one binary function.

This is even true for sentences of the form ∀xϕ where ϕ is quantifier-free.

Theorem 1.37. [∀, (0), (2)]= and [∀, (0), (0, 1)]= are conservative reduc-tion classes.

Proof. We apply the domino method for formulae ∀xϕ where ϕ isquantifier-free with any number of unary functions, and then applya reduction/interpretation to reduce this to two unary/one binaryfunction/s.

Define a mapping D = (D, H, V) 7→ ψD where ψD is a formulaover the vocabulary f , g, (hd)d∈D where all function symbols areunary. The intended model is N×N with successor functions f and g.The subformula ∀x( f gx = g f x) ensures that the models of ψD containa two-dimensional grid. The fact that a position x is tiled by d ∈ D is

21


expressed by requiring that hdx = x, i.e. that x is a fixed point of hd.Now define

ψD := ∀x(

f gx = g f x ∧∧

d =d′(hdx = x → hd′x = x)

∧∨

(d,d′)∈H

(hdx = x ∧ hd′ f x = f x)

∧∨

(d,d′)∈V

(hdx = x ∧ hd′ gx = gx))

.

We claim that there exists a tiling σ : N×N → D if and only ifψD is satisfiable.

”⇒ ” Assume σ is a correct tiling. Construct the (intended) modelA = (N×N, f , g, (hd)d∈D) with

– f (i, j) = (i + 1, j),– g(i, j) = (i, j + 1),

– hd(i, j)

= (i, j) if σ(i, j) = d

= (i, j) otherwise.

Clearly A |= ψD .”⇐ ” Consider B = (B, f , g, (hd)d∈D) |= ψD .

Choose an arbitrary b ∈ B and define

σ : N×N→ D : σ(i, j) := d iff B |= hd f igjb = f igjb.

Note that every position is in exactly one of the hd. Then σ isa correct tiling. If B is finite, then σ is periodic, and thus thereduction is conservative.

We now show that we can sharpen the results, i.e. show that twounary function symbols are sufficient

Consider ∀xϕ ∈ [∀, (0), (ω)]= with monadic function symbolsf1, . . . , fm. Transform ϕ into ϕ := ϕ[x/hx, fi/hgi] where h, g are freshunary function symbols. This procedure transforms formulae over thevocabulary f1, . . . , fm into formulae over the vocabulary h, g. Theidea is to replace an application of fi by i applications of g. The secondfunction h takes care of unwanted equalities.

22


x

• • · · · •

f1 f2 fm

x

hx

• • · · · • •gm(hx)

h

g

g g

Claim: ∀xϕ is (finitely) satisfiable⇔ ∀xϕ is (finitely) satisfiable.

”⇐ ” Let B = (B, h, g) |= ∀xϕ. Construct A = (A, f1, . . . , fm) with

– A = hb : b ∈ B– fi(a) = (hgi)(a)

Then A |= ∀xϕ.

”⇒ ” Let A = (A, f1, . . . , fm) |= ∀xϕ. Construct B = (B, g, h) with

– B = A×(Z/(m + 1)Z

),

– g(a, i) = (a, i + 1),

– h(a, 0) = (a, 0),

– h(a, i) = ( fia, 0).

This transformation preserves the meaning of terms: Let t(x) =fi1 . . . fik

x be a term in ϕ. Then t(x) = hgi1 . . . hgik hx, and it holdsthat tB[a, 0] = (tA[a], 0). Now the claim follows via induction overthe structure of ϕ.

We now show that we need at most one binary function. The ideais to find an interpretation of g, h : A → A in a structure A = (A, F)with F : A× A→ A via

• g(a) = F(a, F(a, a)),

• h(a) = F(F(a, a), a)

23


where F(a, a) = a.Formally, consider a formula ∀xϕ with unary function symbols

f , g. Introduce a new binary function symbol F and translate

ϕ 7→ ϕg ∧ ϕh

where

ϕg := ϕ[x/g∗x, g/g∗, h/h∗],

ϕh := ϕ[x/h∗x, g/g∗, h/h∗]

with

g∗t = F(t, Ftt),

h∗t = F(Ftt, t).

Claim: ∀xϕ (finitely) satisfiable ⇔ ∀x(ϕg ∧ ϕh) (finitely) satisfi-able.

”⇒ ” Let A = (A, g, h) |= ∀xϕ be a model. Set B = (B, F) with

– B := A×Z/3Z

– F((a, i), (a, i)) := (a, i + 1)– F((a, i), (a, i + 1)) := (ga, 0)– F((a, i + 1), (a, i)) := (ha, 0).

Now, for all (a, i) ∈ B

g∗(a, i) = F((a, i), F(a, i)(a, i)

)= F

((a, i), (a, i + 1)

)= (ga, 0)

and

h∗(a, i) = (ha, 0).

Thus A is isomorphic to a copy of A defined in B.

A ∼= A∗ := ((a, 0) : a ∈ A, g∗, h∗).

Therefore, for all (a, i)

B |= ϕg(a, i)⇔ A∗ |= ϕ(ga, 0)

24

2 Finite Model Property

We study the finite model property for fragments of FO as a mean toshow that these fragments are decidable, and also to better understandtheir expressive power and algorithmic complexity.

Recall that a class X ⊆ FO has the finite model property if Sat(X) =

Fin-sat(X). Since for any decidable class X, Fin-sat(X) is r.e. and Sat(X)

is co-r.e., it follows that Sat(X) is decidable if X has the FMP. In manycases, the proof that a class has the finite model property provides abound on the model’s cardinality, and thus a complexity bound for thesatisfiability problem. To prove completeness for complexity classes wemake use of a bounded variant of the domino problem.

2.1 Ehrenfeucht-Fraïssé Games

2.1.1 Atomic Types

Definition 2.1. The atomic k-type of a1, . . . , ak in A is defined as

atpA(a1, . . . , ak) := γ(x1 . . . , xk) : γ atomic formula or negated

atomic formula such that A |= γ(a1, . . . , ak).

We assume that all structures contain unary or binary relations only.Hence, to describe a structure it suffices to define its universe and tospecify the atomic 1-types and 2-types for all of its elements.

Example 2.2. Let A be the structure (A, E1, . . . , Em) where the Ei arebinary relations. Then for a ∈ A:

atpA(a) = Eixx : A |= Eiaa ∪ ¬Eixx : A |= ¬Eiaa.

Definition 2.3. Let A and B be structures over the same signature and

27


a ⊆ A and b ⊆ B. We say that A, a is locally isomorphic to B, b andwrite A, a ≡0 B, b if a has the same atomic type in A as b in B.

2.1.2 The Game EFm(A,B)

The Ehrenfeucht-Fraïssé game EFm(A,B) is played by two playersaccording to the following rules.

The arena consists of the structures A and B. We assume thatA ∩ B = ∅. The players are called Spoiler and Duplicator, and a play ofEFm(A,B) consists of m moves.

In the i-th move, Spoiler chooses either an element ai ∈ A or anelement bi ∈ B. Duplicator answers by choosing an element in the otherstructure.

After m moves, elements a1, . . . , am from A and b1, . . . , bm fromB are chosen. Duplicator wins the play if A, (a1, a2, . . . , am) ≡0

B, (b1, b2, . . . , bm). Otherwise Spoiler wins.After i moves in EFm(A,B) are made, a position (a1, . . . , ai, b1, . . . , bi)

is reached. We denote the remaining subgame in which m− i movesare left by EFm−i(A, a1, . . . , ai,B, b1, . . . , bi).

A winning strategy of Spoiler for such a subgame is a functionwhich, for every reachable position, determines a move such that Spoilerwins each play which is consistent with this strategy, no matter howDuplicator plays. Winning strategies for Duplicator are defined analo-gously.

We say that Spoiler (respectively, Duplicator) wins the game EFm(A,B)

if this player has a winning strategy for EFm(A,B). By induction onthe number of moves it is easy to show that for every (sub)game exactlyone of the two players has a winning strategy.

Example 2.4.

• Let A = (Z,<), B = (R,<). Then Duplicator wins EF2(A,B), butSpoiler wins EF3(A,B).

• For a relational signature τ = E, P (where P has arity one andE has arity two), consider the structures A and B in Figure 2.1.Spoiler wins the game EF3(A,B), but Duplicator wins EF2(A,B).

28

2.1 Ehrenfeucht-Fraïssé Games

A:

P P P

P B:

P P

P

Figure 2.1. Two structuresA and B with A ≡2 B and A ≡3 B

2.1.3 The Game EF(A,B)

An important variant is the Ehrenfeucht-Fraïssé game EF(A,B) inwhich plays of arbitrary length are possible. In each play, Spoiler firstchooses an m ∈N, and then the players play the game EFm(A,B).

Spoiler wins the game EF(A,B) if and only if there exists an m ∈N

such that he wins the game EFm(A,B). In other words: Duplicatorwins EF(A,B) if and only if she has a winning strategy for each of thegames EFm(A,B).

Recall that two structures A and B are said to be elementarily m-equivalent, written A ≡m B, if no first-order formula of quantifier rank atmost m can separate both structures. If A ≡m B for all m ∈N we writeA ≡ B and say that A and B are elementarily equivalent. The followingtheorem shows that elementary equivalence and Ehrenfeucht-Fraïsségames are in some sense equivalent concepts.

Theorem 2.5 (Ehrenfeucht, Fraïssé). Let τ be finite and relational, andlet A,B be τ-structures.

(1) The following statements are equivalent:

(i) A ≡ B.(ii) Duplicator wins the Ehrenfeucht-Fraïssé game EF(A,B).

(2) For all m ∈N the following statements are equivalent:

(i) A ≡m B.(ii) Duplicator wins EFm(A,B).

In fact, even the following, somewhat stronger proposition holds(for a proof see the lecture notes of mathematical logic).

29


Theorem 2.6. Let A,B be τ-structures, a = a1, . . . , ar ∈ A, b =

b1, . . . , br ∈ B. If there exists a formula ψ(x) with qr(ψ) = m suchthat A |= ψ(a) and B |= ¬ψ(b) holds, then Spoiler has a winningstrategy for the game Gm(A, a,B, b).

We use the above to prove finite model property of the followingfragment of FO.

Theorem 2.7. If τ contains only unary predicates then FO[τ] has FMP.

Proof. Let A = (A, P1, . . . , Pn) and let qr(ϕ) = m. For each sequence ofbits α = α1 . . . αn we define Pα = Q1 ∩Q2 ∩ . . . ∩Qn, where Qi = Pi ifαi = 1 and Qi is the complement of Pi else.

Note that α | x ∈ Pα determines all atomic types of x. Weconstruct B by taking min(|Pα|, m) elements into each PB

α . Observethat B is defined in this way (take PB

i =⋃

α|αi=1 PBα ). We show that

A ≡m B using the Ehrenfeucht-Fraïssé Theorem.

The following is a winning strategy for Duplicator in EF(A,B):Answer each Spoiler’s choice of an element with an element of the sameatomic type in the other structure. Due to the construction it is possibleto do that for m moves. It also follows from the construction that ≡0 isnever violated and Duplicator wins the game. q.e.d.

You can see from the proof that the constructed finite model B is asub-model of A. It is not always the case, sometimes it is not possibleto find a finite sub-model, even for fragments with FMP.

2.2 FMP of Modal Logic

We proceed with proving that propositional modal logic (ML), whichis an important fragment of FO2, has the finite model property. Infact we establish an even stronger result showing that every satisfiableML-formula has a finite model that is a tree. Hence, we prove that MLhas the finite tree model property.

30


2.2.1 Modal Logic

Let us first briefly review the syntax and semantics of propositionalmodal logic (ML).

Definition 2.8. For a given set of actions A and atomic propertiesPi : i ∈ I, the syntax of ML is inductively defined as:

• All propositional logic formulae with propositional variables Pi arein ML.

• If ψ, ϕ ∈ ML, then also ¬ψ, (ψ ∧ ϕ) and (ψ ∨ ϕ) ∈ ML.• If ψ ∈ ML and a ∈ A, then ⟨a⟩ψ and [a]ψ ∈ ML.

Remark 2.9. If there is only one action a ∈ A, we write ♦ψ and ψ

instead of ⟨a⟩ψ and [a]ψ, respectively.

Definition 2.10. A transition system or Kripke structure with actions froma set A and atomic properties Pi : i ∈ I is a structure

K = (V, (Ea)a∈A, (Pi)i∈I)

with a universe V of states, binary relations Ea ⊆ V × V describingtransitions between the states, and unary relations Pi ⊆ V describingthe atomic properties of states.

A transition system can be seen as a labelled graph where thenodes are the states of K, the unary relations are labels of the states,and the binary transition relations are the labelled edges.

Definition 2.11. Let K = (V, (Ea)a∈A, (Pi)i∈I) be a transition system,ψ ∈ ML a formula and v a state of K. The model relationship K, v |= ψ,i.e. ψ holds at state v of K, is inductively defined:

• K, v |= Pi if and only if v ∈ Pi.• K, v |= ¬ψ if and only if K, v |= ψ.• K, v |= ψ ∨ ϕ if and only if K, v |= ψ or K, v |= ϕ.• K, v |= ψ ∧ ϕ if and only if K, v |= ψ and K, v |= ϕ.• K, v |= ⟨a⟩ψ if and only if there exists w such that (v, w) ∈ Ea andK, w |= ψ.

• K, v |= [a]ψ if and only if K, w |= ψ holds for all w with (v, w) ∈ Ea.

31


Definition 2.12. For a transition system K and a formula ψ we definethe extension

JψKK := v : K, v |= ψ

as the set of states of K where ψ holds.

2.2.2 Bisimulation

One of the most important notions in the analysis of modal logics isbisimulation. In fact bisimulation is closely related to logical equivalenceof Kripke structures with respect to formulae from ML.

Definition 2.13. LetK = (V, (Ea)a∈A, (Pi)i∈I) andK′ = (V′, (E′a)a∈A, (P′i )i∈I)

be transition systems. A bisimulation between K and K′ is a relationZ ⊆ V ×V′ such that for all (v, v′) ∈ Z(Pred) v ∈ Pi if and only if v′ ∈ P′i for all i ∈ I,(Forth) for all a ∈ A, w ∈ V with v a−→ w there exists a w′ ∈ V′ with

v′ a−→ w′ and it is (w, w′) ∈ Z,(Back) for all a ∈ A, w′ ∈ V′ with v′ a−→ w′ there exists a w ∈ V with

v a−→ w and it is (w, w′) ∈ Z.

Example 2.14.

rr

r

w1 w2

v

Q Q

P r r r u′ v′ w′

P Q

Z = (v, v′), (w1, w′), (w2, w′) is a bisimulation.

Definition 2.15. Let K,K′ be Kripke structures and let u ∈ V, u′ ∈ V′.(K, u) and (K′, u′) are bisimilar (for short, K, u ∼ K′, u′), if there existsa bisimulation Z between K and K′ such that (u, u′) ∈ Z.

2.2.3 Bisimulation Invariance of Formulae of Modal Logic

The fundamental importance of bisimulation origins in the fact thatformulae of modal logic are not able to distinguish between bisimilar

32


states. A more refined analysis considers the modal depth of formulae,i.e. the maximal depth of nesting of modal operators in a formula.

Definition 2.16. The modal depth of a formula ψ ∈ ML is defined induc-tively by

(1) md(ψ) = 0 for propositional formulae ψ,(2) md(¬ψ) = md(ψ),(3) md(ψ ϕ) = max(md(ψ), md(ϕ)) for ∈ ∧,∨,→,(4) md(⟨a⟩ψ) = md([a]ψ) = md(ψ) + 1.

Definition 2.17. Let K and K′ be two Kripke structures and let v ∈K, v′ ∈ K′.

(1) K, v ≡ML K′, v′ if for all ψ ∈ ML we have K, v |= ψ if and only ifK′, v′ |= ψ.

(2) K, v ≡nML K′, v′ if for all ψ ∈ ML with md(ψ) ≤ n we have K, v |=

ψ if and only if K′, v′ |= ψ.

One can refine the definition of the bisimilarity relation betweentransition systems as well. We say that (K, u) and (K′, u′) are n-bisimilar(for short, K, u ∼n K′, u′), if there exists a relation Z between K and K′

such that (u, u′) ∈ Z and Z has the property ’Pred’ and the ’Forth’ and’Back’ property for all pairs of nodes (v, v′) ∈ Z with distance at most nfrom (u, u′). For a formal (game theoretical) definition, see the lecturesnotes of mathematical logic.

Theorem 2.18. For Kripke structures K, K′ and u ∈ K, u′ ∈ K′ thefollowing holds:

(1) K, u ∼ K′, u′ ⇒ K, u ≡ML K′, u′.(2) K, u ∼n K′, u′ ⇒ K, u ≡n

ML K′, u′.

Statement (1) is called the bisimulation invariance of modal logic:

If K, v |= ψ and K, v ∼ K′, v′, then K′, v′ |= ψ.

The reverse only holds for finitely branching systems. A transitionsystem is finitely branching if for all states v and all actions a the setvEa := w : (v, w) ∈ Ea of a-successors of v is finite. (for proofs seethe lecture notes of mathematical logic).

33


Theorem 2.19. Let K,K′ be finitely branching transitions systems. Then

K, u′ ∼ K′, u′ if and only if K, u ≡ML K′, u′.

2.2.4 Tree Model Property

Definition 2.20. A transition system K = (V, (Ea)a∈A, (Pi)i∈I) with amarked node w is a tree if

(1) Ea ∩ Eb = ∅ for all actions a = b,(2) (V, E) is a (directed) tree with root w in the graph theoretical sense,

where E =⋃

a∈A Ea.

Definition 2.21. Let Φ be a set of formulae (of some logic, e.g. of modallogic or first-order logic) over a signature which contains at most binaryrelations and no functions.

(1) Φ has the finite model property (FMP) if every satisfiable formulaϕ ∈ Φ has a finite model.

(2) Φ has the tree model property (TMP) if every satisfiable formula inΦ has a tree as a model.

(3) Φ has finite tree model property if every satisfiable formula in Φ hasa finite tree as a model.

We shall prove that formulae of modal logic have the finite treemodel property. For that consider unfoldings of transition systems. Theunfolding of K from state v consists of all paths in K that start withv. Hereby every path is considered as a distinguished object, i.e. evenif two paths intersect, the unfolding T contains several copies of theintersection points and each state from K that is reachable from v viaa path is added to the unfolding, no matter whether is has alreadybeen reached. Self-loops in K correspond thus to infinite paths in theunfolding. Formally, unfoldings are defined as follows.

Definition 2.22. Let K = (VK , (EKa )a∈A, (PKi )i∈I) be a Kripke structureand let v ∈ VK. The unfolding of K from v is the Kripke structureTK,v = (VT , (ETa )a∈A, (PTi )i∈I) with

VT = v = v0a0v1a1v2 . . . vm−1am−1vm : m ∈N,

34


v0 = v, vi ∈ VK , ai ∈ A, (vi, vi+1) ∈ EKaifor all i < m

ETa = (v, w) ∈ VT ×VT : w = vaw for some w ∈ VK , a ∈ A

PTi = v = v0a0 . . . vm ∈ VT : vm ∈ PKi .

We write End(v) for the last state on the path v, so we have v ∈ PTiif and only if End(v) ∈ PKi .

Lemma 2.23. For all Kripke structures K and all states v in K we haveK, v ∼ TK,v, v.

Proof. Z := (w, w) ∈ VK ×VT : End(w) = w is a bisimulation fromK to TK,v with (v, v) ∈ Z. q.e.d.

Theorem 2.24. ML has the tree model property.

Proof. Let ψ be an arbitrary satisfiable formula from ML. Then there is amodel K, v |= ψ. Let T := TK,v be he unfolding of K, v. As K, v ∼ T , v,due to the bisimulation invariance of modal logic we have T , v |= ψ.Thus ψ has a tree model. q.e.d.

The same argument shows that every class of bisimulation invariantformulae has the tree model property.

2.2.5 Finite Model Property

For ML, we can prove a stronger result. For this, we use the notion ofthe closure C(ψ) of a formula ψ.

Definition 2.25. For every formula ψ ∈ ML we inductively define forall n ∈N the sets of formulae Cn(ψ) as follows:

(1) ψ ∈ C0(ψ).(2) If ¬ϕ ∈ Cn(ψ) then also ϕ ∈ Cn(ψ).(3) If (ϕ ∧ ϑ) ∈ Cn(ψ) or (ϕ ∨ ϑ) ∈ Cn(ψ) then also ϕ ∈ Cn(ψ) and

ϑ ∈ Cn(ψ).(4) If ⟨a⟩ϕ ∈ Cn(ψ) or [a]ϕ ∈ Cn(ψ) then ϕ ∈ Cn+1(ψ).

Finally let C(ψ) :=⋃

n∈N Cj(ψ).

35


The closure C(ψ) contains those formulae from ML that are sub-stantial for the evaluation of ψ; Cj(ψ) are hereby formulae that appear inψ within j nested modal operators. Notice that |C(ψ)| ≤ 2|ψ| (negatedformulas are added) and that Cn(ψ) = ∅ for all n > md(ψ).

Theorem 2.26. For every satisfiable formula ψ ∈ ML there is a finitetree structure T , v of depth ≤ md(ψ) and branching factor ≤ |C(ψ)|such that T , v |= ψ. Thus ML has finite tree model property.

Proof. Without loss of generality we can assume that ψ is in negationnormal form. As ψ is satisfiable, there exists a tree model T , u |= ψ.The depth of a node of T is its distance from the root. We define now alabelling function S which assigns a subset of Cm(ψ) to every node v ofT of depth m, namely

S(v) := ϕ ∈ Cm(ψ) : T , v |= ϕ.

We transform T in a finite tree structure by successively deletingunnecessary subtrees. Let T ′ ⊆ T be some subtree of T and let v be anode of T ′. Notice that T , v |= S(v). The following lemma provides asufficient condition for T ′, v |= S(v).

Lemma 2.27. Let the subtree T ′ ⊆ T be constructed in a way that thefollowing conditions are fulfilled.

(1) For every successor w of v in T ′ we have T ′, w |= S(w).

(2) For every formula of the form ⟨a⟩ϕ ∈ S(v) there exists an a-successor w⟨a⟩ϕ of v in the tree T ′ such that T ′, w⟨a⟩ϕ |= ϕ.

Then it is T ′, v |= S(v).

Proof. Each formula in S(v) is a combination of formulae of the formPi,¬Pi, ⟨a⟩ϕ and [a]ϕ that are built with ∧ and ∨. So it suffices to showfor every formula ϑ of this form that T , v |= ϑ implies T ′, v |= ϑ. Forϑ = Pi and ϑ = ¬Pi this is clear as the atomic properties of the node vare the same in T and T ′. For formulae [a]ϕ this follows from condition(1) and for formulae ⟨a⟩ϕ from condition (2). q.e.d.

36

2.3 Finite Model Property of FO2

Now we can construct a finite subtree T ′ as follows. First, let v bethe root of T . For every formula of the form ⟨a⟩ϕ ∈ S(v) we choosean a-successor w⟨a⟩ϕ ∈ vEa such that T , w⟨a⟩ϕ |= ϕ holds and delete allnot chosen successor nodes of v and the trees that have those nodesas roots from T . We continue this process for all remaining nodes ofdepth 1, 2, . . .. As the labelling S(v) of nodes of depth m = md(ψ) onlyconsists of formulae Pi and ¬Pi, the resulting tree has depth at mostm. Every node v has at most |S(v)| ≤ C(ψ) successors such that thebranching factor of T ′ is bounded by |C(ψ)|.

It follows by inductively proceeding from leaves to the root of T ′

that T ′, v |= S(v), in particular, T ′, v |= ψ. q.e.d.


We denote relational first-order logic over k variables by FOk, i.e.

FOk := ϕ ∈ FO : ϕ relational, ϕ only contains k variables.

One result of the previous chapter was that [∀∃∀, all, (0)] ⊆ FO3 is aconservative reduction class. We now prove that FO2 has the finitemodel property and is thus decidable. Note that FOk formulae are notnecessarily in prenex normal form. A further motivation for the studyof FO2 is that propositional modal logic can be viewed as a fragment ofFO2 (in fact ML can be proven to be precisely the bisimulation invariantfragment of FO2).

Before we proceed to prove the finite model property for FO2, as afirst step we establish a normal form for formulae in FO2.

Lemma 2.28 (Scott). For each sentence ψ ∈ FO2 one can construct inpolynomial time a sentence ϕ ∈ FO2 of the form

ϕ := ∀x∀yα ∧n∧

i=1∀x∃yβi

such that α, β1, . . . , βn are quantifier free and such that ψ and ϕ aresatisfiable over the same universe. Moreover, we have |ϕ| = O(|ψ| ·log |ψ|).

37


Proof. First of all, we can assume that formulae ϕ ∈ FO2 only containunary and binary relation symbols. This is no restriction since relationsof higher arity can be substituted by introducing new binary and unaryrelation symbols. For example, if R is a relation of arity three, one couldadd a unary relation Rx and three binary relations Rx,x,y, Rx,y,x andRx,y,y and replace each atom R(x, x, x) (or R(y, y, y)) by Rx(x) (or Rx(y))and atoms as R(x, x, y) or R(x, y, x) by Rx,x,y(x, y) and Rx,y,x(x, y) re-spectively. By adding appropriate new subformulae one can ensure thatthe semantics are preserved, i.e. that the newly introduced relationspartition a ternary relation in the intended sense. For example wewould introduce as a new subformula ∀x(Rx(x)↔ Rx,x,y(x, x)).

With ψ containing at most binary relations, we iterate the followingsteps until ψ has the desired form. We choose a subformula Qyη of ψ

(Q ∈ ∀, ∃, η quantifier free) and add a new unary relation R:

ψ′ := ψ[Qyη/Rx]

ψ 7→ ψ′ ∧ ∀x(Rx ↔ Qyη).

R captures those x that satisfy Qyη. The resulting formula ϕ is not yetof the desired form, but it is equivalent to the following:

(a) if Q = ∃, then

ϕ ≡ ψ′ ∧ ∀x∀y(η → Rx) ∧ ∀x∃y(Rx → η)

(b) else if Q = ∀, then

ϕ ≡ ψ′ ∧ ∀x∀y(Rx → η) ∧ ∀x∃y(η → Rx)

Now use that conjunctions of ∀∀-formulae are equivalent to a ∀∀-

formula and obtain ψ ≡ ∀x∀yα ∧n∧

i=1∀x∃yβi. q.e.d.

Theorem 2.29. FO2 has the finite model property. In fact, every satisfi-able formula ψ ∈ FO2 has a model with at most 2|ψ| elements.

Proof. The proof strategy is as follows: we start with a model A of ψ and

38


proceed by constructing a new model B of ψ such that |B| ≤ 2O(|ψ|).For the construction the following definitions will be essential.

An element a ∈ A is said to be a king of A if its atomic 1-type isunique in A, i.e. if atpA(b) = atpA(a) for all b = a. We let

• K := a ∈ A : a is a king of A be the set of kings of A, and• P := atpA(a) : a ∈ A, a /∈ K be the set of atomic 1-types which

are realized at least twice in A.

Since A |= ∀x∃yβi for i = 1, . . . , n, there exist (Skolem) functionsf1, . . . , fn : A → A such that A |= βi(a, fia) for all a ∈ A. The court ofA is defined as

C := K ∪ fik : k ∈ K, i = 1, . . . , n.

Let C be the substructure of A induced by C. We construct a modelB |= ψ with universe B = C ∪ (P× 1, . . . , n × 0, 1, 2).

A

CK

B

CK

P

P

P

To specify B we set B|C = C and for all other elements we spec-ify the 1- and 2-types (in this way fixing B on the remaining part).However,

(1) This must be done consistently:

• atpA(b, b′) and atpA(b, b′′) must agree on atpA(b), and• γ(x, y) ∈ atpB(b, b′)⇔ γ(y, x) ∈ atpB(b′, b).

(2) Of course we have to ensure that B |= ψ.

39


We illustrate the construction with the following example.

Example 2.30. Consider the formula ψ over the signature τ = R, B(red edges and blue edges).

ψ = ∃x(Rxx ∧ Bxx)

∧ ∀x∀y((Rxx ∧ Bxx ∧ Ryy ∧ Byy→ x = y)

∧(Rxx ∨ Bxx)

∧(Rxy ∧ Ryx → x = y)

∧(Bxy ∧ Byx → x = y)

∧(Bxy ∧ x = y→ Ryy))

∧ ∀x∃y(x = y ∧ (Rxx → Rxy)

∧ (Bxx → Bxy)).

Let A |= ψ, then A looks like follows:

• • • • · · ·

K C

In this case P = Rxx,¬Bxx, ¬Rxx, Bxx and the universe ofB is B = C ∪ (P× 1 × 0, 1, 2).

We proceed to construct B by specifying the 1-types and 2-typesof its elements as follows.

(1) The atomic 1-types of elements (p, i, j) are set to atpB((p, i, j)) = p.(2) The atomic 2-types atpB(b, b′) will be set so that B |= ∀x∃yβi for

i = 1, . . . , m.Choose for each p ∈ P an element h(p) ∈ A with atpA(h(p)) = p.Find for each b ∈ B and each i a suitable element b′ such thatB |= βi(b, b′) (by defining atpB(b, b′) appropriately).

(a) If b is a king, set b′ := fi(b) ∈ C ⊆ B. Then B |= βi(b, b′).(b) If b ∈ C \ K (non-royal member of the court), distinguish:

• If fi(b) ∈ K, then set b′ := fi(b) ∈ K ⊆ B.

40


• Otherwise it holds that atpA( fi(b)) = p ∈ P.In this case, set b′ := (p, i, 0). Now set atpB(b, b′) :=atpA(b, fi(b)). Thus B |= βi(b, b′) since A |= βi(b, fi(b)).

(c) If b = (p, j, ℓ) for some p ∈ P, j ∈ 1, . . . , n, ℓ ∈ 0, 1, 2, leta := h(p) and consider fi(a).If fi(a) ∈ K, set b′ = fi(a) and atpB(b, b′) := atpA(a, b′).If fi(a) /∈ K, then atpA( fi(a)) = p′ ∈ P.Set b′ := (p′, i, (ℓ+ 1) (mod 3)).Then set atpB(b, b′) := atpA(a, fi(a)), and thus B |= βi(b, b′).

To complete the construction of B, let b1, b2 ∈ B be such thatatpB(b1, b2) is not yet specified. Choose a1, a2 ∈ A so that

atpA(a1) = atpB(b1) and

atpA(a2) = atpB(b2)

and set

atpB(b1, b2) := atpA(a1, a2).

Since A |= α(a1, a2), also B |= α(b1, b2).For the previously considered example, B looks as follows:

C

K

P× 0 P× 1

P× 2

•

•

•

•

•

•

•

•

Overall, we obtain B |= ∀x∀yα ∧n∧

i=1∀x∃yβi = ψ, and the size of B

41


is restricted by

|B| = |C|︸︷︷︸≤|K|(n+1)

+ 3n|P| = O(n · # (atomic 1-types)) .

For k relation symbols, there are 2k atomic 1-types, hence |B| = 2O(|ψ|).q.e.d.

This result implies that Sat(FO2) is in NEXPTIME (indeed it isNEXPTIME-complete), since we can simply guess a finite structureA of exponential size (in the length of ψ) and verify that A |= ψ.

Corollary 2.31. Sat(FO2) ∈ NEXPTIME = (⋃k

NTIME(2nk)).

This is a typical complexity level for decidable fragments of FO.In fact, Sat(FO2) is even complete for NEXPTIME. For showing this,we reduce a bounded version of the domino problem to Sat(FO2).

Definition 2.32. Let D = (D, H, V) be a domino system and let Z(t)denote Z/tZ×Z/tZ. For a word w = w0, . . . , wn−1 ∈ Dn we say thatD tiles Z(t) with initial condition w if there is τ : Z(t)→ D such that

• if τ(x, y) = d and τ(x + 1, y) = d′ then (d, d′) ∈ Hfor all (x, y) ∈ Z(t) ,

• if τ(x, y) = d, τ(x, y + 1) = d′ then (d, d′) ∈ Vfor all (x, y) ∈ Z(t) and

• τ(i, 0) = wi for all i = 0, . . . , n− 1.

Let D be a domino system and T : N→N a mapping. Define

DOMINO(D, T) := w ∈ D∗ : D tiles Z(T(|w|)) with initial

condition w .

As before we describe a computation of a (in this case non-deterministic) Turing machine by a domino tiling in such a way thatthe input condition of the domino problem relates to the initial configu-ration of the Turing machine. The restrictions on the size of the tiledrectangle correspond to the time and space restrictions of the Turing

42


machine. To prove that a problem A is NEXPTIME-hard, it suffices toshow that DOMINO(D, 2n) ≤p A.

Our goal is to show that DOMINO(D, 2n) reduces to Sat(X) forrelatively simple classes X ⊆ FO. Set

X = ϕ ∈ FO2 : ϕ = ∀x∀y α ∧ ∀x∃y β, s.t. α, β quantifier-free,

without =, and with only monadic predicates .

We show that Sat(X) is NEXPTIME-complete and hence alsoSat(FO2) is NEXPTIME-complete.

Lemma 2.33. For each domino system D = (D, H, V) there exists apolynomial time reduction w ∈ Dn 7→ ψw ∈ X such that D tiles Z(2n)

with initial condition w if and only if ψw is satisfiable.

Proof. The intended model of ψw is a description of a tiling τ : Z(2n)→D in the universe Z(2n).

Let z = (a, b) ∈ Z(2n) with a =n−1∑

i=0ai2i and b =

n−1∑

i=0bi2i. Encode

the tuple as (ao, . . . , an−1, b0, . . . , bn−1) ∈ 0, 12n.To encode the tiling, we define ψw with the monadic predicates Xi,

X∗i , Yi, Y∗i , Ni for 0 ≤ i < n and Pd(d ∈ D) with the following intendedmeaning:

Xiz iff ai = 1.

X∗i z iff aj = 1 for all j < i.

Yiz iff bj = 1.

Y∗i z iff bj = 1 for all j < i.

Niz iff z = (i, 0).

Pdz iff τ(z) = d.

ψw will have the form ψw = ∀x∀yα ∧ ∀x∃yβ, where β accountsfor the correct interpretation of Xi, X∗i , Yi, Y∗i , Ni and ensures that everyelement has a successor, and α accounts for the description of a correcttiling.

43


Now β is the the following formula:

β = X∗0 x ∧Y∗0 x

∧n−1∧i=1

X∗i x ↔ (X∗i−1x ∧ Xi−1x)

∧n−1∧i=1

Y∗i x ↔ (Y∗i−1x ∧Yi−1x)

∧n−1∧i=0

Xiy↔ (Xix⊕ X∗i x)

∧n−1∧i=0

Yiy↔ (Yix⊕ (Y∗i x ∧ Xn−1x ∧ X∗n−1x))

∧ N0x ↔ (n−1∧i=0¬Xix ∧ ¬Yix)

∧n−1∧i=0

Nix ↔ Ni+1y.

We define the following shorthands for use in α:

H(x, y) :=n−1∧i=0

(Yiy↔ Yix) ∧n−1∧i=0

(Xiy↔ (Xix⊕ X∗i x))

V(x, y) :=n−1∧i=0

(Xiy↔ Xix) ∧n−1∧i=0

(Yiy↔ (Yix⊕Y∗i x)).

Now α is defined to be

α =∧

d =d′¬(Pdx ∧ Pd′x)

∧ (H(x, y)→∨

(d,d′)∈H

(Pdx ∧ Pd′y))

∧ (V(x, y)→∨

(d,d′)∈V

(Pdx ∧ Pd′y))

∧ (n−1∧i=i

(Nix → Pwi x)).

44


Claim 2.34. ψw is satisfiable if and only if D tiles Z(2n) with initialcondition w.

Proof. We show both directions.

(⇐) Consider the intended model, ψw holds in it.(⇒) Consider C = (C, X1, . . .) |= ψw and define a mapping

f : C → Z(2n)

c 7→ (a, b) ≡ (a0, . . . , an−1, b0, . . . , bn−1)

with ai = 1 iff C |= Xic and

bi = 1 iff C |= Yic.

As C |= ∀x∃yβ, f is surjective. Choose for each z ∈ Z(2n) anelement c ∈ f−1(z) and set τ(z) = d for the unique d that satisfiesC |= Pdc. Then τ is a correct tiling with initial condition w. q.e.d.

Since the length of ψw is |ψw| = O(n log n), the above claim com-pletes the proof of the lemma. q.e.d.

45

3 Descriptive Complexity

In this chapter we study the relationship between logical definabilityand computational complexity on finite structures. In contrast to thetheory of computational complexity we do not measure resources astime and space required to decide a property but the logical resourcesneeded to define it. The ultimate goal is to characterize the complexityclasses known from computational complexity theory by means of logic.

We first define what it means for a logic to capture a complexityclass. One of the main results is due to Fagin, stating that existentialsecond order logic captures NP, while it is still unknown whether thereexists a logic capturing PTIME on all finite structures. A deeper analysisof the proof of Fagin’s Theorem shows that SO-HORN logic capturesPTIME on all ordered finite structures.

We further introduce least-fixed point logic, LFP, and prove theresult of Immerman and Vardi which states that least fixed-point logicalso captures PTIME on all ordered finite structures. We compare LFPto inflationary fixed-point logic (IFP), which turns out to be equivalentto LFP. Finally, we present partial fixed-point logic PFP and logics withcounting.

3.1 Logics Capturing Complexity Classes

Assume we have a class of finite τ-structures. To measure the complexityof problems we have to represent the structures by strings over a finitealphabet Σ so that they can be used as inputs for Turing machines. SinceTuring machines accept words and logics do not distinguish betweenisomorphic structures, for encoding a structure it is necessary to fix anordering on the universe before.

By Ord(τ) we denote the class of all finite structures (A,<), where

47


A is a τ-structure and < is a linear order on its universe. For anystructure A ∈ Ord(τ) with universe of size n, and for a fixed k, we canidentify Ak with the set 0, 1, . . . , nk − 1. This is done by associatingeach k-tuple a with its rank in the lexicographic ordering induced by <

on Ak. When we talk about the a-th element, we understand it in thissense.

Definition 3.1. An encoding is a function mapping ordered structures towords. An encoding code(·) : Ord(τ)→ Σ∗ is good if it identifies iso-morphic structures, is polynomially bounded, first-order definable andallows to compute the values of atomic statements efficiently. Formally,the following abstract conditions must be satisfied.

• code(A,<) = code(B,<) iff (A,<) ∼= (B,<).

• There is a fixed polynomial p such that |code(A,<)| ≤ p(|A|) forall (A,<) ∈ Ord(τ).

• For all k ∈ N and all σ ∈ Σ there exists a first-order formulaβσ(x1, . . . , xk) of vocabulary τ ∪ < so that for all (A,<) and alla ∈ Ak it holds that

(A,<) |= βσ(a)⇔ the a-th symbol of code(A,<) is σ.

• Given code(A,<) a relation symbol R of τ and a tuple a one canefficiently decide whether A |= Ra.

The meaning of “efficiently” in the last condition may depend onthe context, here we understand it is as evaluated in linear time andlogarithmic space.

Example 3.2. Let A = (A, R1, . . . , Rm) be a structure with a linear order< on A. Let |A| = n and let si be the arity of Ri. Let ℓ be the maximalarity of R1, . . . , Rm. For each relation we define

χ(Rj) = w0 . . . wnsj−10nℓ−nsj ∈ 0, 1nℓ,

where wi = 1 if the i-th element of Asj is in Rj. Now

code(A,<) := 1n0nℓ−nχ(R1) . . . χ(Rm).

48

3.2 Fagin’s Theorem

When we say that an algorithm decides a class K of finite τ-structureswe actually mean that it decides

code(K) = code(A,<) : A ∈ K,< a linear order on A.

Definition 3.3. A model class is a class K of structures of a fixed vocabu-lary τ that is closed under isomorphism, i.e. if A ∈ K and A ∼= B, thenB ∈ K.

A domain is an isomorphism closed class D of structures where thevocabulary is not fixed. For a domain D and vocabulary τ, we writeD(τ) for the class of τ-structures in D.

Definition 3.4. Let L be a logic, Comp a complexity class and D adomain of finite structures. L captures Comp on D if

(1) For every vocabulary τ and every (fixed) sentence ψ ∈ L(τ), themodel-checking problem for ψ on D(τ) is in Comp.

(2) For every vocabulary τ and any model class K ⊆ D(τ) whosemembership problem is in Comp, there exists a sentence ψ ∈ L(τ)such that

K = A ∈ D(τ) : A |= ψ.


Existential second-order logic (Σ11) is the fragment of second-order logic

consisting of formulae of the form ∃R1 . . . ∃Rm ϕ where ϕ ∈ FO andR1, . . . , Rm are relation symbols. As we will see in this chapter, thelogic Σ1

1 captures the complexity class NP on the domain of all finitestructures.

Example 3.5. 3-Colorability of a graph G = (V, E) is in NP and indeedthere is a Σ1

1-formula defining the class of graphs which possess a valid3-coloring:

∃R∃B∃Y ( ∀x(Rx ∨ Bx ∨Yx)

∧ ∀x∀y(Exy→ ¬((Rx ∧ Ry) ∨ (Bx ∧ By) ∨ (Yx ∧Yy))

49


Theorem 3.6 (Fagin). Existential second-order logic captures NP on thedomain of all finite structures.

Proof.The proof consists of two parts. First of all, let ψ = ∃R1 . . . ∃Rm ϕ ∈ Σ1

1be an existential second-order sentence. We show that it can be decidedin non-deterministic polynomial time whether a given structure A is amodel of ψ.

In a first step, we guess relations R1, . . . , Rm on A. Recall thatrelations can be identified with binary strings of length nsi , wheresi is the arity of Ri. Then we check whether (A, R1, . . . , Rm) |= ϕ

which can be done in LOGSPACE and hence in PTIME. Thus thecomputation consists of guessing a polynomial number of bits followedby a deterministic polynomial time computation, showing that theproblem is in NP.

For the other direction, let K be an isomorphism-closed class ofτ-structures and let M be a non-deterministic TM deciding code(K) inpolynomial time. We construct a sentence ψ ∈ Σ1

1 such that for all finiteτ-structure A it holds that

A |= ψ⇔ M accepts code(A,<) for any linear order < on A.

Let M = (Q, Σ, q0, F+, F−, δ) with accepting and rejecting states F+ andF− and δ : (Q× Σ) → P(Q× Σ× 0, 1,−1) which, given an inputcode(A,<), decides in non-deterministic polynomial time whether A

belongs to K or not. We assume that all computations of M reach anaccepting or rejecting state after precisely nk steps (n := |A|).

We encode a computation of M on code(A,<) by relations X andconstruct a first-order sentence ϕM ∈ FO(τ ∪ < ∪ X) such that forevery linear order < there exists X with (A,<, X) |= ϕM if and only ifcode(A,<) ∈ L(M). To this end we show that

• If X represents an accepting computation of M on code(A,<) then(A,<, X) |= ϕM.

• If (A,<, X) |= ϕM then X contains a representation of an acceptingcomputation of M on code(A,<).

50


Accordingly the desired formula ψ is then obtained via existentialsecond-order quantification

ψ := (∃ <)(∃X)(”< is a linear order ”∧ ϕM).

Details:

• We represent numbers up to nk as tuples in Ak.

• For each state q ∈ Q we introduce a predicate

Xq := t ∈ Ak : at time t the TM M is in state q.

• For each symbol σ ∈ Σ we define

Yσ := (t, a) ∈ Ak × Ak : at time t the cell a contains σ.

• The head predicate is

Z := (t, a) ∈ Ak × Ak : at time t the head of M

is at position a.

Now ϕM is the universal closure of START∧COMPUTE∧ END.

START := Xq0 (0) ∧ Z(0, 0) ∧∧

σ∈Σ(βσ(x)→ Yσ(0, x)).

Recall that βσ states that the symbol at position x in code(A,<) is σ.The existence of the formulae βσ is guaranteed by the fact that code(·)is a good encoding. In what follows, we denote by x + 1 and x− 1 afirst-order formula that defines the direct successor and predecessor ofthe tuple x (in the lexicographical ordering on tuples that is induced bythe linear order <), respectively.

COMPUTE := NOCHANGE∧CHANGE.

51


NOCHANGE :=∧

σ∈Σ(Yσ(t, x) ∧ Z(t, y) ∧ y = x

∧ t′ = t + 1→ Yσ(t′, x)).

CHANGE :=∧

q∈Q,σ∈Σ(PRE[q, σ]→

∨(q′ ,σ′ ,m)∈δ(q,σ)

POST[q′, σ′, m]),

where

PRE[q, σ] := Xq(t) ∧ Z(t, x) ∧ Yσ(t, x) ∧ t′ = t + 1,

POST[q′, σ′, m] := Xq′ (t′) ∧ Yσ′ (t

′, x) ∧ MOVEm[t′, x],

and

MOVEm[t′, x] :=

∃y(x− 1 = y ∧ Z(t′, y)), m = −1

Z(t′, x), m = 0

∃y(x + 1 = y ∧ Z(t′, y)), m = 1.

Finally, we let

END :=∧

q∈F−¬Xq(t).

It remains to show the following two claims.Claim 1. If X represents an accepting computation of M on code(A,<)

then (A,<, X) |= ϕM. This, however, follows immediately from theconstruction of ϕM.Claim 2. If (A,<, X) |= ϕM, then X contains a representation of anaccepting computation of M on code(A,<). We define

CONF[C, j] := Xq(j) ∧ Z(j, p) ∧nk−1∧i=0

Ywi (j, i)

for configurations C = (w0 . . . wnk−1, q, p) (tape content w0 . . . wnk−1,state q, head position p), i.e. the conjunction of the atomic statementsthat hold for C at time j. Let C0 be the input configuration of M oncode(A,<). Since (A,<, X) |= START it follows that

52

3.3 Second Order Horn Logic on Ordered Structures

(A,<, X) |= CONF[C0, 0].

Since (A,<, X) |= COMPUTE and (A,<, X) |= CONF[Ci, t], for someCi ⊢ Ci+1 it holds that (A,<, X) |= CONF[Ci+1, t + 1].

Finally, no rejecting configuration can be encoded in X because(A,<, X) |= END. Thus an accepting computation

C0 ⊢ C1 ⊢ . . . ⊢ Cnk−1

of M on code(A,<) exists, with (A,<, X) |= CONF[Ci, i] for all i ≤nk − 1. This completes the proof of Fagin’s Theorem. q.e.d.

Theorem 3.7 (Cook, Levin). SAT is NP-complete.

Proof. Obviously SAT ∈ NP. We show that for any Σ11-definable class K

of finite structures the membership problem A ∈ K can be reduced toSAT. By Fagin’s Theorem, there exists a first-order sentence ψ such that

K = A ∈ Fin(τ) : A |= ∃R1 . . . ∃Rmψ.

Given A, construct a propositional formula ψA as follows.

• replace ∃xi ϕ by∨

a∈A ϕ[xi/a],• replace ∀xi ϕ by

∧a∈A ϕ[xi/a],

• replace all closed τ-atoms Pa in ψ with their truth values,• replace all atoms Ra with propositional variables PRa.

This is a polynomial transformation and it holds that

A ∈ K ⇔ A |= ∃R1 . . . ∃Rmψ⇔ ψA ∈ SAT.

q.e.d.


The problem of whether there exists a logic capturing PTIME on allfinite structures is still open. The theorem of Immerman and Vardistates that least fixed-point logic captures PTIME on the class of allordered finite structures. We first present the result of Grädel that

53


on ordered finite structures SO-HORN captures PTIME. This resultfollows from a careful analysis of the proof of Fagin’s Theorem (indeed,the construction we used in its proof is not the standard one, but anoptimized version so that it can be adapted for showing that SO-HORNcaptures PTIME on ordered structures).

Definition 3.8. Second-order Horn logic, denoted by SO-HORN, is theset of second-order sentences of the form

Q1R1 . . . QmRm∀y1 . . . ∀ys

t∧i=1

Ci,

where Qi ∈ ∃, ∀ and the Ci are Horn clauses, i.e. implications

β1 ∧ . . . ∧ βm → H,

where each β j is either a positive atom Rkz or an FO-formula that doesnot contain R1, . . . , Rm. H is either a positive atom Rjz or the Booleanconstant 0.

Σ11-HORN denotes the existential fragment of SO-HORN, i.e. the

set of SO-HORN sentences where all second-order quantifiers are exis-tential.

Theorem 3.9. Every sentence ψ ∈ SO-HORN is equivalent to a sentenceψ′ ∈ Σ1

1-HORN.

Proof. It suffices to prove the theorem for formulae of the form

ψ = ∀P∃R1 . . . ∃Rm∀zϕ,

where ϕ is a conjunction of Horn clauses and m ≥ 0 (for m = 0, theformula has the form ∀P∀zϕ). Indeed we can then eliminate universalquantifiers beginning with the inner most one by considering only thepart starting with that universal quantifier.

Lemma 3.10. A formula ∃R∀zϕ(P, R) ∈ Σ11-HORN holds for all rela-

tions P on a structure A if and only if it holds for those P that are falseat at most one point.

54


Proof. Let k be the arity of P. For every k-tuple a, let Pa = Ak − a, i.e.the relation that is false at a and true at all other points. By assumption,there exist Ra such that

(A, Pa, Ra) |= ∀zϕ.

Now consider any P = Ak and let Ri :=⋂

a/∈P Rai . We show that

(A, P, R) |= ∀zϕ where R is the tuple consisting of all Ri.

Suppose that this is false, then there exists a relation P = Ak,a clause C of ϕ and an assignment ρ : z1, . . . , zs → A such that(A, P, R) |= ¬C[ρ]. We proceed to show that in this case there exists atuple a such that (A, Pa, Ra

) |= ¬C[ρ] and thus

(A, Pa, Ra) |= ¬∀zϕ

which contradicts the assumption.

• If the head of C[ρ] is Pa, then take a = u /∈ P.

• If the head of C[ρ] is Riu, then choose a /∈ P such that u /∈ Rai ,

which exists because u /∈ Ri.

• If the head is 0, take an arbitrary a /∈ P.

The head of C[ρ] is clearly false in (A, Pa, Ra). Pa does not occur

in the body of C[ρ], because a /∈ P and all atoms in the body of C[ρ] aretrue in (A, P, R). All other atoms of the form Pi that might occur in thebody of the clause remain true for Pa. Moreover, every atom Riv in thebody remains true if Ri is replaced by Ra

i because Ri ⊆ Rai . This implies

(A, Pa, Ra) |= ¬C[ρ]. q.e.d.

Using the above lemma, the original formula ψ = ∀P∃R1 . . . ∃Rm∀zϕ

is equivalent to

∃R ∀zϕ[Pu/u = u] ∧ ∀y ∃R ∀zϕ[Pu/u = y].

This formula can be converted again to Σ11-HORN; in the second part

we push the external first-order quantifiers inside while increasing the

55


arity of quantified relations by |y| to compensate it, i.e. we get

∃R′ ∀y zϕ[Pu/u = y, R(x)/R′(x, y)].

q.e.d.

Theorem 3.11. If ψ ∈ SO-HORN, then the set of finite models of ψ,Mod0(ψ), is in PTIME.

Proof. Given ψ′ ∈ SO-HORN, transform it to Σ11-HORN, ψ =

∃R1 . . . ∃Rm∀z∧

i Ci. Given a finite structure A reduce the problemof whether A |= ψ to HORNSAT (as in the proof of the theorem of Cookand Levin).

• Omit quantifiers ∃Ri.• Replace the universal quantifiers ∀ziη(zi) by

∧a∈A η[zi/a].

• If there is a clause that is already made false by this interpretation,i.e. C = 1 ∧ . . . ∧ 1 → 0, reject ψ. Else interpret atoms Riu aspropositional variables.

The resulting formula is a propositional Horn formula with lengthpolynomially bounded in |A| and which is satisfiable iff A |= ψ. Thesatisfiability problem HORNSAT can be solved in linear time. q.e.d.

Theorem 3.12 (Grädel). On ordered finite structures SO-HORN andΣ1

1-HORN capture PTIME.

Proof. We analyze the formula ϕM constructed in the proof of Fagin’sTheorem in the case of a deterministic TM M. Recall that ϕM is the uni-versal closure of START ∧NOCHANGE ∧ CHANGE ∧ END. START,NOCHANGE and END are already in Horn form. CHANGE has theform ∧

q∈Q,σ∈Σ(PRE[q, σ]→

∨(q′ ,σ′ ,m)∈δ(q,σ)

POST[q′, σ′, m]).

For a deterministic M for each (q, σ) there is a unique δ(q, σ) =

(q′, σ′, m). In this case PRE[q, σ] → POST[q′, σ′, m] can be replacedby the conjunction of the Horn clauses

56


• PRE[q, σ]→ Xq′ (t′)

• PRE[q, σ]→ Yσ′ (t′, x)

• PRE[q, σ] ∧ y = x + m→ Z(t′, y).

q.e.d.

Remark 3.13. The assumption that a linear order is explicitly availablecannot be eliminated, since linear orderings are not definable by Hornformulae.

57

4 LFP and Infinitary Logics

One of the distinguishing features of finite model theory comparedwith other branches of logic is the eminent role of various kinds offixed-point logics. Fixed-point logics extend a basic logical formalism(such as first-order logic, conjunctive queries, or propositional modallogic) by a constructor for expressing fixed points of relational operators.

What do we mean by a relational operator? Note that any formulaψ(R, x) of vocabulary τ ∪ R where R is a relational symbol of arity kand x is a k-tuple of variables that are free in ψ can be viewed as defining,for every τ-structure A, an update operator Fψ : P(Ak) → P(Ak) onthe class of k-ary relations on A, namely

Fψ : R 7→ a : (A, R) |= ψ(R, a).

A fixed point of Fψ is a relation R for which Fψ(R) = R. In general,a fixed point of Fψ need not exist, or there may exist many of them.However, if R happens to occur only positively in ψ, then the operatorFψ is monotone, and in that case there exists a least relation R ⊆ Ak

such that Fψ(R) = R. The most influential fixed-point formalisms inlogic are concerned with least (and greatest) fixed points, so we shalldiscuss these first. We start by reviewing the necessary mathematicalfoundations and we also show how least fixed-point logic is related toinfinitary first-order logic.

4.1 Ordinals

The standard basic notion used in mathematics is the notion of a set,and all mathematical theorems follow from the axioms of set theory. Thestandard set of axioms is known as Zermelo-Fraenkel Set Theory ZF. Theseaxioms guarantee, for instance, the existence of an empty set, an infinite

59


set, the power set of any set, and that no set is a member of itself (i.e.∀x ¬x ∈ x). It is common in mathematics to extend ZF by the axiom ofchoice AC and to denote the resulting set of axioms by ZFC.

In particular, the notion of numbers can be formalised by sets. Thestandard way to do this is to start with the empty set, i.e. let 0 = ∅, andproceed by induction, defining n + 1 = n ∪ n. Here are the first fewnumbers in this representation:

• 0 = ∅,• 1 = ∅,• 2 = ∅, ∅,• 3 = ∅, ∅, ∅, ∅.

In this way we can construct all natural numbers. Observe that for eachsuch number n (viewed as a set) it holds that

m ∈ n =⇒ m ⊆ n.

In particular, the relation ∈ is transitive in such sets, i.e. if k ∈ m andm ∈ n then k ∈ n. We use this property of sets to define a more generalclass of numbers.

Definition 4.1. A set α is an ordinal number if ∈ is transitive in α.

Besides natural numbers, what other ordinal numbers are there?The smallest example is ω =

⋃n∈N n, the union of all natural numbers.

Indeed, it is easy to check that the union of ordinals is always an ordinalas well (as long as it is a set).

What is the next ordinal number after ω? We can again apply the+1 operation in the same way as for natural numbers, so

ω + 1 = ω ∪ ω = 0, 1, 2, . . . , 0, 1, . . ..

But does it make sense to say that ω + 1 is the next ordinal, or, toput it more generally: is there an order on ordinals? In fact both, eachordinal as a set and all ordinals as a class, are well-ordered, i.e. thefollowing holds:

• for any two ordinal numbers α and β either α ⊆ β or β ⊆ α;

60

4.2 Some Fixed-Point Theory

• there exists no infinite descending sequence of ordinals

α0 ) α1 ) α3 ) · · · ;

• each ordinal α is well-ordered by ∈.

Ordinals are intimately connected to well-orders, in fact any struc-ture (A,<) where < is a well-order is isomorphic to some ordinal α.To get an intuition on how ordinals look like, consider the followingexamples of countable ordinals: ω + 1, ω + ω, ω2, ω3, ωω .

The well-order of ordinals allows to define and prove the principleof transfinite induction. This principle states that the class of all ordinalsis generated from ∅ by taking the successor (+1) and the union on limitsteps, as shown on the examples before. Specifically, for each ordinal α

it holds that either

• there exists an ordinal β < α such that α = β + 1 = β ∪ β, or• there exist ordinals βγ < α such that α =

⋃γ βγ.

Besides ordinals, we sometimes need cardinal numbers Cn whichformalise the notion of cardinalities of sets. A cardinal number κ ∈ Cnis a smallest ordinal number, i.e. κ is an ordinal number with which nostrictly smaller ordinal number can be put into bijection. For example,every natural number and ω itself are cardinal numbers, but ω2 ∈ Cn.We denote the class of infinite cardinal numbers by Cn∞.


There is a well-developed mathematical theory of fixed points of mono-tone operators on complete lattices. A complete lattice is a partial order(A,≤) such that each set X ⊆ A has a supremum (a least upper bound)and an infimum (a greatest lower bound). Here we are interestedmainly in power set lattices (P(Ak),⊆) (where A is the universe of astructure), and later in product lattices (P(B1)× · · · × P(Bm),⊆). Forsimplicity, we shall describe the basic facts of fixed-point theory forlattices (P(B),⊆), where B is an arbitrary (finite or infinite) set.

Definition 4.2. Let F : P(B)→ P(B) be an operator.

61


(1) X ⊆ B is a fixed point of F if F(X) = X.

(2) A least fixed point or a greatest fixed point of F is a fixed point X of Fsuch that X ⊆ Y or Y ⊆ X, respectively, for each fixed point Y of F.

(3) F is monotone, if X ⊆ Y =⇒ F(X) ⊆ F(Y) for all X, Y ⊆ B.

Theorem 4.3 (Knaster and Tarski). Every monotone operator F :P(B) → P(B) has a least fixed point lfp(F) and a greatest fixed pointgfp(F). Further, these fixed points may be written as

lfp(F) =⋂X : F(X) = X =

⋂X : F(X) ⊆ X

gfp(F) =⋃X : F(X) = X =

⋃X : F(X) ⊇ X.

Proof. Let S = X ⊆ B : F(X) ⊆ X and Y =⋂

S. We first show that Yis a fixed point of F.

F(Y) ⊆ Y. Clearly, Y ⊆ X for all X ∈ S. As F is monotone, it followsthat F(Y) ⊆ F(X) ⊆ X. Hence F(Y) ⊆ ⋂

S = Y.

Y ⊆ F(Y). As F(Y) ⊆ Y, we have F(F(Y)) ⊆ F(Y), and hence F(Y) ∈ S.Thus Y =

⋂S ⊆ F(Y).

By definition, Y is contained in all X such that F(X) ⊆ X. Inparticular Y is contained in all fixed points of F. Hence Y is the leastfixed point of F.

The argument for the greatest fixed point is analogous. q.e.d.

Least fixed points can also be constructed inductively. We call anoperator F : P(B) → P(B) inductive if the sequence of its stages Xα

(where α is an ordinal), defined by

X0 := ∅,

Xα+1 := F(Xα), and

Xλ :=⋃

α<λ

Xα for limit ordinals λ,

is increasing, i.e. if Xβ ⊆ Xα for all β < α. Obviously, monotoneoperators are inductive. The sequence of stages of an inductive operatoreventually reaches a fixed point, which we denote by X∞. The least

62


ordinal β for which Xβ = Xβ+1 = X∞ is called cl(F), the closure ordinalof F.

Lemma 4.4. For every inductive operator F : P(B)→ P(B), |cl(F)| ≤|B|.

Proof. Let |B|+ denote the smallest cardinal greater than |B|. Supposethat the claim is false for F. Then for each α < |B|+ there exists anelement xα ∈ Xα+1 − Xα. The set xα : α < |B|+ is a subset of B ofcardinality |B|+ > |B|, which is impossible. q.e.d.

Proposition 4.5. For monotone operators, the inductively constructedfixed point coincides with the least fixed point, i.e. X∞ = lfp(F).

Proof. As X∞ is a fixed point, lfp(X) ⊆ X∞. For the converse, we showby induction that Xα ⊆ lfp(F) for all α. As lfp(F) =

⋂Z : F(Z) ⊆ Z,it suffices to show that Xα is contained in all Z for which F(Z) ⊆ Z.

For α = 0, this is trivial. By monotonicity and the inductionhypothesis, we have Xα+1 = F(Xα) ⊆ F(Z) ⊆ Z. For limit ordinals λ

with Xα ⊆ Z for all α < λ we also have Xλ =⋃

α<λ ⊆ Z. q.e.d.

The greatest fixed point can be constructed by a dual induction,starting with Y0 = B, by setting Yα+1 := F(Yα) and Yλ =

⋂α<λ Yα for

limit ordinals. The decreasing sequence of these stages then eventuallyconverges to the greatest fixed point Y∞ = gfp(F).

The least and greatest fixed points are dual to each other. Forevery monotone operator F, the dual operator Fd : X 7→ F(X) (where Xdenotes the complement of X) is also monotone, and we have that

lfp(F) = gfp(Fd) and gfp(F) = lfp(Fd).

Everything said so far holds for operators on arbitrary (finite orinfinite) power set lattices. In finite model theory, we consider opera-tors F : P(Ak) → P(Ak) for finite A only. In this case the inductiveconstructions will reach the least or greatest fixed point in a polyno-mial number of steps. As a consequence, these fixed points can beconstructed efficiently.

63


Lemma 4.6. Let F : P(Ak) → P(Ak) be a monotone operator on afinite set A. If F is computable in polynomial time (with respect to |A|),then so are the fixed points lfp(F) and gfp(F).

4.3 Least Fixed-Point Logic

LFP is the logic obtained by adding least and greatest fixed points tofirst-order logic.

Definition 4.7. Least fixed-point logic (LFP) is defined by adding to thesyntax of first-order logic the following least fixed-point formation rule: Ifψ(R, x) is a formula of vocabulary τ ∪ R with only positive occur-rences of R, if x is a tuple of variables, and if t is a tuple of terms (suchthat the lengths of x and t match the arity of R), then

[lfp Rx . ψ](t) and [gfp Rx . ψ](t)

are formulae of vocabulary τ. The free first-order variables of theseformulae are those in (free(ψ) \ x : x in x) ∪ free(t).

Semantics. For any τ-structure A providing interpretations for all freevariables in the formula, we have that A |= [lfp Rx . ψ](t) if tA (thetuple of elements of A interpreting t) is contained in lfp(Fψ), where Fψ

is the update operator defined by ψ on A. The semantic for greatestfixed point operators is defined analogously.

Example 4.8. Here is a fixed-point formula that defines the transitiveclosure of the binary predicate E:

TC(u, v) := [lfp Txy . Exy ∨ ∃z(Exz ∧ Tzy)](u, v).

Note that in a formula [lfp Rx . ϕ](t), there may be free variables inϕ additional to those in x, and these remain free in the fixed-pointformula. They are often called parameters of the fixed-point formula.For instance, the transitive closure can also be defined by the formula

ϕ(u, v) := [lfp Ty . Euy ∨ ∃x(Tx ∧ Exy)](v)

which has u as a parameter.

64

4.3 Least Fixed-Point Logic

It can be shown that every LFP-formula is equivalent to one with-out parameters (at the cost of increasing the arity of the fixed-pointvariables). The proof is left to the reader.

Example 4.9. Let ϕ := ∀y(y < x → Ry) and let (A,<) be a partialorder. The formula [lfp Rx . ϕ](x) then defines the well-founded partof <. The closure ordinal of Fϕ on (A,<) is the length of the longestwell-founded initial segment of <, and (A,<) |= ∀x[lfp Rx . ϕ](x) if,and only if, (A,<) is well-founded.

Example 4.10. The LFP-sentence

ψ := ∀y∃zFyz ∧ ∀y[lfp Ry . ∀x(Fxy→ Rx)](y)

is an infinity axiom, i.e. it is satisfiable but does not have a finite model.

Example 4.11. The Game query asks, given a finite game G =

(V, V0, V1, E), to compute the set of winning positions for Player 0.The Game query is LFP-definable, by use of [lfp Wx . ϕ](x) with

ϕ(W, x) := (V0x ∧ ∃y(Exy ∧Wy)) ∨ (V1 ∧ ∀y(Exy→Wy)).

The Game query plays an important role for LFP. It can be shown thatevery LFP-definable property of finite structures can be reduced toGame by a quantifier-free interpretation. Hence Game is complete forLFP via this notion of reduction, and thus a natural candidate if one istrying to separate a weaker logic from LFP.

Example 4.12. Maximal bisimulation B on a Kripke structure K =

(K, Ej, Pj) is defined by the formula ψ(u, v) =[gfp Bxy.

(∧i

(Pix ↔ Piy

)∧

∧j

(∀x′(Ej(x, x′)→ ∃y′(Ej(y, y′) ∧ B(x′, y′)))∧

∀y′(Ej(y, y′)→ ∃x′(Ej(x, x′) ∧ B(x′, y′)))))]

(u, v) ,

i.e. uK and vK are bisimilar if and only if K, uK , vK |= ψ(u, v).

65


The duality between the least and greatest fixed points implies thatfor any formula ψ,

[gfp Rx . ψ](t) ≡ ¬[lfp Rx . ¬ψ[R/¬R]](t),

where ψ[R/¬R] is the formula obtained from ψ by replacing all occur-rences of R-atoms by their negations. (As R occurs only positively in ψ,the same is true for ¬ψ[R/¬R].) Because of this duality, greatest fixedpoints are often omitted in the definition of LFP. On the other hand, it issometimes convenient to keep the greatest fixed points, and to use theduality (and de Morgan’s laws) to translate LFP-formulae to negationnormal form, i.e. to push negations all the way to the atoms.

4.3.1 Capturing Polynomial Time

From the fact that first-order operations are polynomial-time com-putable and from Lemma 4.6, we can conclude that every LFP-definableproperty of finite structures is computable in polynomial time.

Proposition 4.13. Let ψ be a sentence in LFP. It is decidable in polyno-mial time whether a given finite structure A is a model of ψ. In short,LFP ⊆ PTIME.

Obviously LFP, is a fragment of second-order logic. Indeed, by theKnaster-Tarski Theorem,

[lfp Rx . ψ(R, x)](y) ≡ ∀R((∀x(ψ(R, x)→ Rx))→ Ry).

We next relate LFP to SO-HORN.

Theorem 4.14. Every formula ψ ∈ SO-HORN is equivalent to someformula ψ∗ ∈ LFP.

Proof. By Theorem 3.9, we can assume that ψ = (∃R1) · · · (∃Rm)ϕ ∈Σ1

1-HORN. By combining the predicates R1, . . . , Rm into a single predi-cate R of larger arity and by renaming variables, it is easy to transform

66

4.4 Infinitary First-Order Logic

ψ into an equivalent formula

ψ′ := ∃R∀x∀y∧i

Ci ∧∧

jDj,

where the Ci are clauses of the form Rx ← αi(R, x, y) (with exactlythe same head Rx for every i) and the Dj are clauses of the form0← β j(R, x, y). The clauses Ci define, on every structure A, a monotoneoperator F : R 7→ x :

∨i ∃yαi(x, y). Let Rω be the least fixed point

of this operator. Obviously A |= ¬ψ if and only if A |= βi(Rω , a, b)for some i and some tuple a, b. But Rω is defined by the fixed-pointformula

αω(x) := [lfp Rx .∨i∃yαi(x, y)](x).

Hence, for β := ∃x∃y∨

j β j(x, y), ψ is equivalent to the formula ψ∗ :=¬β[Rz/αω(z)] obtained from ¬β by substituting all occurrences ofatoms Rz by αω(z). Clearly, this formula is in LFP. q.e.d.

Hence SO-HORN ≤ LFP ≤ SO. As an immediate consequence ofTheorems 3.12 and 4.14 we obtain the Immerman–Vardi Theorem.

Theorem 4.15 (Immerman and Vardi). On ordered structures, leastfixed-point logic captures polynomial time.

However, on unordered structures, SO-HORN is strictly weakerthan LFP.


Definition 4.16. Let κ ∈ Cn∞ be an infinite cardinal number and τ asignature. The infinitary logic Lκω(τ) is inductively defined as follows.

• Each atomic formula in FO(τ) is in Lκω(τ).• If ϕ ∈ Lκω(τ), then also ¬ϕ, ∃xϕ, ∀xϕ ∈ Lκω(τ).• If Φ ⊆ Lκω(τ) is a set of formulae with |Φ| < κ,

then∨

Φ,∧

Φ ∈ Lκω(τ).

Further, we write L∞ω(τ) for⋃

κ∈Cn∞ Lκω(τ).

67


Note that the second parameter ω is always fixed as an index of ourlogics. This indicates that we only allow finite sequences of quantifiers.

The logic Lωω(τ) is precisely the logic FO(τ). The logic Lℵ1ω(τ),in which disjunctions and conjunctions can be built over countable setsof formulae, is denoted by Lω1ω .

The semantics of the infinitary logic is defined in an obvious way.Clearly, we only have to treat the cases of

∧Φ and

∨Φ. Let a ⊆ A be

an assignment of at most κ free variables, then

• A, a |= ∧Φ if and only if A, a |= ϕ for all ϕ ∈ Φ.

• A, a |= ∨Φ if and only if there exists a ϕ ∈ Φ such that A, a |= ϕ.

In all other cases the semantics of infinitary logic coincides with that offirst-order logic.

Example 4.17. Finiteness can be expressed in Lω1ω . Let

ϕ≥n := ∃x1 . . . ∃xn∧

1≤i<j≤n(xi = xj)

and ϕfin :=∨¬ϕ≥n | n < ω ∈ Lω1ω . Then for each structure A,

A |= ϕfin if and only if A is finite.

Remark 4.18. The Compactness Theorem does not hold for the logicLω1ω . Consider for example the set of formulas ϕfin ∪ ϕ≥n | n < ω.It is unsatisfiable, but each of its finite subsets is satisfiable.

Theorem 4.19. Let κ ∈ Cn∞. For each formula ϕ(x) ∈ LFP there is aformula ϕ ∈ Lκω such that for all structures A with |A| < κ and alla ⊆ A, we have A |= ϕ(a) if and only if A |= ϕ(a).

Proof. By using the duality between least and greatest fixed points wemay assume that formulas in LFP only contain operators expressingleast fixed points. We inductively define the translation from LFP toformulas of L∞ω as follows:

• for atomic formulas ψ we set ψ = ψ,

• ¬ψ = ¬ψ,

• ψ1 ∧ ψ2 = ψ1 ∧ ψ2, and ψ1 ∨ ψ2 = ψ1 ∨ ψ2.

68


For the case of [lfp Rx.ψ](t), we build by transfinite induction a sequenceof formulas ψα(x) for all ordinals α ≤ κ. These formulas intuitivelycorrespond to the stages in the inductive evaluation of the least fixed-point. Accordingly, we start with the empty relation and set ψ0(x) = ⊥.The induction proceeds as follows:

• ψα+1(x) = ψ[Rz/ψα(z)],

• for α =⋃

β<α β, let ψα(x) =∨

β<αψβ(x) | β < α.

Using induction on α and the definition of the semantics of L∞ω , wesee that the formulas ψα correspond exactly to the stages of fixed-pointinduction, i.e. Rα = x | ψα(x).

On structures A with |A| < κ we have Rκ = R∞ is the least fixed-point and which is thus defined by ψκ(x). The claim follows. q.e.d.

In general we can not drop the condition of bounded cardinality ofthe structures. In fact, the class of all well-orderings is definable in LFPby the following sentence:

ψwo := ϕlin ∧ ∀x[lfp Wx(∀y(y < x →Wy))](x),

where ϕlin is a formula that expresses that < is a linear order. One canshow that this class is not definable in L∞ω .

We also observe that the structure (ω, 0, S) is axiomatizable inLFP(0, S) up to isomorphism. To see this, note that Sn(0) | n < ω isthe least fixed-point of the expression x = 0 ∨ ∃y(Ry ∧ Sy = x) (withrespect to the variable R). Thus, (ω, 0, S) can be axiomatized by

∀x∀y(Sx = Sy→ x = y) ∧ (∀xSx = 0)∧

∀x[lfp Rx(x = 0∨ ∃y(Ry ∧ Sy = x))](x).

(The two first formulae in the conjunction are the first Peano axioms.)We conclude that the upward Löwenheim-Skolem theorem for LFP fails:

Remark 4.20. There exists a sentence ϕ ∈ LFP that has an infinite modeland no uncountable model.

Next, we want to show that the Compactness Theorem does not

69


hold for LFP either. For this we give an LFP(S)-sentence ϕ such that ϕ

has arbitrary large finite models, but no infinite one.

Theorem 4.21. There is a sentence ϕ ∈ LFP(S) where S is a functionsymbol of arity one such that ϕ has arbitrary large finite models, butno infinite one.

Proof. Define

ψ(x, z) := [lfp Rx.(x = z ∨ ∃y(Ry ∧ Sy = x))](x).

If A is an S-structure then for all elements a, b ∈ A, we have A |= ψ(b, a)if and only if there is some n < ω such that (SA)n(a) = b. Now let

ϕ := ∀x∃y(Sy = x) ∧ ∃x∀yψ(y, x).

For some S-structure A, we have A |= ϕ if and only if SA is surjec-tive and there is an a ∈ A that generates the whole structure in thesense that A = (SA)n(a) | n < ω. For any n < ω, the structureA = (1, . . . , n, SA) where SA(k) = k + 1 for k ∈ 1, . . . , n− 1 andSA(n) = 1 is a model of ϕ. Thus, ϕ has arbitrary large finite models.

On the other hand, ϕ has no infinite model. Let A = (A, SA) be anS-structure with an infinite universe A such that there is an a ∈ A withA = (SA)n(a) | n < ω, then a /∈ Img(SA), so SA is not surjective.Indeed, assume that a ∈ Img(SA). Then a = SA(b) for some b ∈ A.Because A = (SA)n(a) | n < ω, it would follow b = (SA)n(a), so(SA)n+1(a) = a. Then it would be |(SA)n(a) | n < ω| ≤ n, incontradiction to the fact that A is infinite and A = (SA)n(a) | n < ω.It follows that A |= ϕ, and the statement is proven. q.e.d.

Corollary 4.22. There exists an unsatisfiable set of sentences Φ ⊆ LFPsuch that every finite subset of Φ is satisfiable, i.e. the CompactnessTheorem fails for LFP.

Proof. According to Theorem 4.21 there is a sentence ϕ ∈ LFP(S) thathas arbitrary large finite models, but no infinite one. As before, considerthe set of sentences Φ = ϕ ∪ ∃x1 . . . ∃xn

∧i<j xi = xj : n ∈ ω.

q.e.d.

70


We mention yet another property of LFP, that we do not provehere: the downward Löwenheim-Skolem theorem holds for LFP.

Theorem 4.23. Let ϕ ∈ LFP be a satisfiable sentence. Then ϕ has acountable model.

In particular, it follows that there is a sentence in ϕ ∈ L∞ω(τ) forsome appropriate signature τ that is not equivalent to any sentenceψ ∈ LFP(τ). For example, we can choose an uncountable set of constantsymbols as τ and a conjunction of all sentences c = d for pairwisedistinct c, d ∈ τ as ϕ, which has no countable model.

71

5 Modal, Inflationary and Partial FixedPoints

In finite model theory, a number of other fixed-point logics, in additionto LFP, play an important role. The structure, expressive power, andalgorithmic properties of these logics have been studied intensively, andwe review these results in this chapter.

5.1 The Modal µ-Calculus

A fragment of LFP that is of fundamental importance in many areas ofcomputer science (e.g. controller synthesis, hardware verification, andknowledge representation) is the modal µ-calculus (Lµ). It is obtainedby adding least and greatest fixed points to propositional modal logic(ML). In this way Lµ relates to ML in the same way as LFP relates toFO.

Definition 5.1. The modal µ-calculus Lµ extends ML (including proposi-tional variables X, Y, . . . , which can be viewed as monadic second-ordervariables) by the following rule for building fixed point formulae: If ψ

is a formula in Lµ and X is a propositional variable that only occurspositively in ψ, then µX.ψ and νX.ψ are also Lµ-formulae.

The semantics of these fixed-point formulae is completely analo-gous to that for LFP. The formula ψ defines on G (with universe V, andwith interpretations for other free second-order variables that ψ mayhave besides X) the monotone operator Fψ : P(V) → P(V) assigningto every set X ⊆ V the set ψG(X) := v ∈ V : (G, X), v |= ψ. Thesemantics of fixed-points is defined by

G, v |= µX.ψ iff v ∈ lfp(Fψ)

G, v |= νX.ψ iff v ∈ gfp(Fψ).

73

5 Modal, Inflationary and Partial Fixed Points

Example 5.2. The formula µX.(ϕ ∨ ⟨a⟩X) asserts that there exists a pathalong a-transitions to a node where ϕ holds.

The formula ψ := νX.((∨

a∈A⟨a⟩true)∧ (∧a∈A[a]X))

expresses theassertion that the given transition system is deadlock-free. In otherwords, G, v |= ψ if no path from v in G reaches a dead end (i.e. a nodewithout outgoing transitions).

Finally, the formula νX.µY.(⟨a⟩

((ϕ ∧ X) ∨Y

))says that there ex-

ists a path from the current node on which ϕ holds infinitely often.

The embedding from ML into FO is readily extended to a transla-tion from Lµ into LFP, by inductively replacing formulas of the formµX.ϕ by [lfp Xx.ϕ∗](x).

Proposition 5.3. Every formula ψ ∈ Lµ is equivalent to a formulaψ∗(x) ∈ LFP.

Further the argument proving that LFP can be embedded into SOalso shows that Lµ is a fragment of MSO.

As for LFP, a fixed µ-calculus formula can be evaluated on a struc-ture A in time polynomial in |A|. The question whether evaluatingµ-calculus formulas on a structure when both the formula and thestructure are part of the input is in PTIME is a major open problem.On the other hand, it is not difficult to see that the µ-calculus doesnot suffice to capture PTIME, even in very restricted scenarios such asword structures. Indeed, as Lµ is a fragment of MSO, it can only defineregular languages, and of course, not all PTIME-languages are regular.However, we shall see in Section 5.5 that there is a multidimensionalvariant of Lµ that captures the bisimulation-invariant fragment of PTIME.Before we do this, let us first show that Lµ is itself invariant underbisimulation. To this end, we translate Lµ formulas into formulas ofinfinitary modal logic ML∞ω , similar to the embedding of LFP into L∞ω .

5.1.1 Infinitary Modal Logic and Bisimulation Invariance

Infinitary modal logic extends ML in an analogous way as how infinitaryfirst-order logic extends FO.

74

5.1 The Modal µ-Calculus

Definition 5.4. Let κ ∈ Cn∞ be an infinite cardinal number. Theinfinitary logic MLκω is inductively defined as follows.

• Predicates Pi are in MLκω .

• If ϕ ∈ MLκω , then also ¬ϕ, ϕ, ♦ϕ ∈ MLκω .

• If Φ ⊆ MLκω is a set of formulae with |Φ| < κ,then

∨Φ,

∧Φ ∈ MLκω .

Further, we write ML∞ω to denote⋃

κ∈Cn∞ MLκω .

The semantics of ML∞ω on Kripke structures is defined analo-gously to the semantics of ML, with the following obvious extensionfor the case of infinite disjuntions and conjunctions.

• K, v |= ∧Φ if and only if K, v |= ϕ for all ϕ ∈ Φ.

• K, v |= ∨Φ if and only if there exists a ϕ ∈ Φ such that K, v |= ϕ.

The same proof that shows invariance of ML under bisimulationworks for ML∞ω , because the introduction of infinite conjunctions anddisjunctions does not interfere with the arguments in the proof at all.

Theorem 5.5. The logic ML∞ω is invariant under bisimulation, i.e. ifϕ ∈ ML∞ω is a formula and K, v ∼ K′, v′ are two bisimilar Kripkestructures, then

K, v |= ϕ iff K′, v′ |= ϕ.

Similarly, the proof of Theorem 5.6 can be adapted to give a trans-lation from Lµ formulas to ML∞ω , as stated below.

Theorem 5.6. Let κ ∈ Cn∞. For each formula ϕ ∈ Lµ there exists aformula ϕ ∈ MLκω such that for all transition systems K with |K| < κ

and all v ∈ K, we have K, v |= ϕ if and only if K, v |= ϕ.

Combining these two theorems, we get bisimulation invariance of Lµ.

Corollary 5.7. The logic Lµ is invariant under bisimulation.

75


5.2 Inflationary Fixed-Point Logic

LFP is only one instance of a logic with an explicit operator for formingfixed points. A number of other fixed-point extensions of first-orderlogic (or fragments of it) have been extensively studied in finite modeltheory. These include inflationary, partial, non-deterministic, and alter-nating fixed-point logics. All of these have in common that they allowthe construction of fixed points of operators that are not necessarilymonotone.

An operator G : P(B) → P(B) is called inflationary if G(X) ⊇ Xfor all X ⊆ B. With any operator F one can associate an inflationaryoperator G, defined by G(X) := X ∪ F(X). In particular, inflationaryoperators are inductive, so iterating G yields a fixed point, called theinflationary fixed point of F.

To be more precise, the inflationary fixed-point of any operatorF : P(B) → P(B) is defined as the limit of the increasing sequence ofsets (Rα) defined as R0 := ∅, Rα+1 := Rα ∪ F(Rα), and Rλ :=

⋃α<λ Rα

for limit ordinals λ. The deflationary fixed point of F is constructed in thedual way starting with B as the initial stage and taking intersections atsuccessor and limit ordinals.

Remark 5.8.

(1) Monotone operators need not be inflationary, and inflationaryoperators need not be monotone.

(2) An inflationary operator need not have a least fixed point.(3) The least fixed point of an inflationary operator (if it exists) may

be different from the inductive fixed point.(4) However, if F is a monotone operator, then its inflationary fixed

point and its least fixed point coincide.

The logic IFP is defined with a syntax similar to that of LFP, butwithout the requirement that the fixed-point variable occurs only posi-tively in the formula defining the operator, and with semantics givenby the associated inflationary operator.

Definition 5.9. IFP is the extension of first-order logic by the followingfixed-point formation rules. For every formula ψ(R, x), every tuple

76


x of variables, and every tuple t of terms (such that the lengths of xand t match the arity of R), we can build formulas [ifp Rx . ψ](t) and[dfp Rx . ψ](t).

Semantics. For a given structure A, we have that A |= [ifp Rx . ψ](t)and A |= [dfp Rx . ψ](t) if tA is contained in the inflationary anddeflationary fixed point of Fψ, respectively.

By the last item of Remark 5.8, least and inflationary inductions areequivalent for positive formulae, and hence IFP is at least as expressiveas LFP. On finite structures, inflationary inductions reach the fixed pointafter a polynomial number of iterations, hence every IFP-definable classof finite structures is decidable in polynomial time.

Proposition 5.10. IFP captures PTIME on ordered finite structures.

5.2.1 Least Versus Inflationary Fixed-Points

As both logics capture PTIME, IFP and LFP are equivalent on orderedfinite structures. What about unordered structures? It was shown byGurevich and Shelah that the equivalence of IFP and LFP holds on allfinite structures. Their proof does not work on infinite structures, andindeed there are some important aspects in which least and inflationaryinductions behave differently. For instance, there are first-order opera-tors (on arithmetic, say) whose inflationary fixed point is not definableas the least fixed point of a first-order operator. Further, the alternationhierarchy in LFP is strict, whereas IFP has a positive normal form (seeProposition 5.17 below). Hence it was conjectured by many that IFPmight be more powerful than LFP. However, Kreutzer showed recentlythat IFP is equivalent to LFP on arbitrary structures. Both proofs, byGurevich and Shelah and by Kreutzer, rely on constructions showingthat the stage comparison relations of inflationary inductions are definableby lfp inductions.

Definition 5.11. For every inductive operator F : P(B) → P(B), withstages Xα and an inductive fixed point X∞, the F-rank of an elementb ∈ B is |b|F := minα : b ∈ Xα if b ∈ X∞, and |b|F = ∞ otherwise.

77


The stage comparison relations of G are defined by

a ≤F b iff |a|F ≤ |b|F < ∞

a ≺F b iff |a|F < |b|F.

Given a formula ϕ(R, x), we write ≤ϕ and ≺ϕ for the stage compar-ison relations defined by the operator Fϕ (assuming that it is indeedinductive), and ≤inf

ϕ and ≺infϕ for the stage comparison relations of the

associated inflationary operator Gϕ : R 7→ R ∪ a : A |= ϕ(R, a).

Example 5.12. For the formula ϕ(T, x, y) := Exy ∨ ∃z(Exz ∧ Tzy) therelation ≺ϕ on a graph (V, E) is distance comparison:

(a, b) ≺ϕ (c, d) iff dist(a, b) < dist(c, d).

Stage comparison theorems are results about the definability ofstage comparison relations. For instance, Moschovakis proved thatthe stage comparison relations ≤ϕ and ≺ϕ of any positive first-orderformula ϕ are definable by a simultaneous induction over positive first-order formulae. For results on the equivalence of IFP and LFP oneneeds a stage comparison theorem for IFP inductions.

We first observe that the stage comparison relations for IFP in-ductions are easily definable in IFP. For any formula ϕ(T, x) with freevariables x and free occuring predicate T, the stage comparison relation≺inf

ϕ is defined by the formula

ψ(x′y′) = [ifp w ≺ z . ϕ[Tu/u ≺ w](w) ∧ ¬ϕ[Tu/u ≺ z](z)](x′, y′).

Here we syntactically substitute T, u by u ≺ w in ϕ(Tx) and, addition-ally, free variables again by w. (Note that u may contain free variables.)In ¬ϕ(T, x), we substitute T, u by u ≺ z and, additionally, free variablesagain by z. Thus free variables become parameter variables of thefixed-point. Now, for the first iteration, T0 is empty as well as ≺0, sothe formula ϕ(T0, w) is satisfied by the same a as ϕ(≺0, w). So in thefirst interation, the first components of ≺1 contain the same elementsas T1. The second components of ≺1 contain all other elements. Ingeneral, in the i-th iteration, ≺i consists of pairs (a, b) such that a ∈ Ti

78


and b ∈ Ti. In the next step, precisely those a satisfy ϕ[Tu/u ≺ w](≺i)

that satisfy ϕ(Ti) (instead of ϕ[T, u] we now have ϕ[u ≺ w], i.e. Taholds if and only if u ≺ a holds if and only if a has come to T in theprevious steps). So those b that do not satisfy ϕ[Tu/u ≺ w](≺i), satisfy¬ϕ[Tu/u ≺ w](≺i). Summing up, pairs a, b are included to ≺i+1 if andonly if a is included into Ti+1, but not earlier, and b is not in Ti+1.

However, what we need to show is that the stage comparisonrelation for IFP inductions is in fact LFP-definable.

Theorem 5.13 (Inflationary Stage Comparison). For any formula ϕ(R, x)in FO or LFP, the stage comparison relation ≺inf

ϕ is definable in LFP.On finite structures, it is even definable in positive LFP.

From this result, the equivalence of LFP and IFP follows easily.

Theorem 5.14 (Kreutzer). For every IFP-formula, there is an equivalentLFP-formula.

Proof. For any formula ϕ(R, x),

[ifp Rx . ϕ](x) ≡ ϕ(y : y ≺infϕ x, x).

This holds because, by definition, an inductive fixed-point can onlyincrease. Thus a tuple is added to it if and only if there is a stage, atwhich the relation R contains all previously added elements (thus R =

y : y ≺infϕ x), and at that stage ϕ(R, x) holds. Due to Theorem 5.13,

the relation y : y ≺infϕ x is definable in LFP, so the statement follows

directly. q.e.d.

Positive LFP. While LFP and the modal µ-calculus allow arbitrarynesting of least and greatest fixed points, and arbitrary interleavingof fixed points with Boolean operations and quantifiers, we can alsoask about their more restricted forms. Let LFP1 (sometimes also calledpositive LFP) be the extension of first-order logic that is obtained bytaking least fixed points of positive first-order formulae (without param-eters) and closing them under disjunction, conjunction, and existentialand universal quantification, but not under negation. LFP1 can be

79


conveniently characterized in terms of simultaneous least fixed points,defined in the next chapter.

Theorem 5.15. A relation is definable in LFP1 if and only if it is de-finable by a formula of the form [lfp R : S](x), where S is a system ofupdate rules Rix := ϕi(R, x) with first-order formulae ϕi. Moreover,we can require, without diminishing the expressive power, that each ofthe formulae ϕi in the system is either a purely existential formula or apurely universal formula.

One interesting consequence of the stage comparison theorems isthat on finite structures, greatest fixed points (i.e. negations of leastfixed points) can be expressed in positive LFP. This gives a normal formfor LFP and IFP.

Theorem 5.16 (Immerman). On finite structures, every LFP-formula(and hence also every IFP-formula) is equivalent to a formula in LFP1.

This result fails on infinite structures. On infinite structures, thereexist LFP formulae that are not equivalent to positive formulae, and infact the alternation hierarchy of least and greatest fixed points is strict.This is not the case for IFP.

Proposition 5.17. It can be proven that every IFP-formula is equivalentto one that uses ifp-operators only positively.

Proof. Assume that structures contain at least two elements and that aconstant 0 is available. Then a formula ¬[ifp Rx . ψ(R, x)] is equivalentto an inflationary induction on a predicate Tx y which, for y = 0,simulates the induction defined by ψ, checks whether the fixed pointhas been reached, and then makes atoms Tx0 true if x is not containedin the fixed point. q.e.d.

In finite model theory, owing to the Gurevich-Shelah Theorem, thetwo logics LFP and IFP have often been used interchangeably. However,there are significant differences that are sometimes overlooked. Despitethe equivalence of IFP and LFP, inflationary inductions are a morepowerful concept than monotone inductions. The translation from IFP-formulae to equivalent LFP-formulae can make the formulae much more

80

5.3 Simultaneous Inductions

complicated, requires an increase in the arity of fixed-point variablesand, in the case of infinite structures, introduces alternations betweenleast and greatest fixed points. Therefore it is often more convenientto use inflationary inductions in explicit constructions, the advantagebeing that one is not restricted to inductions over positive formulae.For an example, see the proof of Theorem 5.29 below. Furthermore, IFPis more robust, in the sense that inflationary fixed points remain welldefined even when other non-monotone operators (e.g. generalizedquantifiers) are added to the language.

5.3 Simultaneous Inductions

A more general variant of LFP permits simultaneous inductions overseveral formulae. A simultaneous induction is based on a system ofoperators of the form

F1 : P(B1)× · · · × P(Bm) → P(B1)

...

Fm : P(B1)× · · · × P(Bm) → P(Bm),

forming together an operator

F = (F1, . . . , Fm) : P(B1)× · · · × P(Bm)→ P(B1)× · · · × P(Bm).

Inclusion on the product lattice P(B1)× · · · ×P(Bm) is componentwise.Accordingly, F is monotone if, whenever Xi ⊆ Yi for all i, then alsoFi(X) ⊆ Fi(Y) for all i.

Everything said above about least and greatest fixed points carriesover to simultaneous induction. In particular, a monotone operatorF has a least fixed point lfp(F) which can be constructed inductively,starting with X0

= (∅, . . . , ∅) and iterating F until a fixed point X∞ isreached.

One can extend the logic LFP by a simultaneous fixed point forma-tion rule.

81


Definition 5.18. Simultaneous least fixed-point logic, denoted by S-LFP, isthe extension of first-order logic by the following rule.

Syntax. Let ψ1(R, x1), . . . , ψm(R, xm) be formulae of vocabularyτ ∪ R1, . . . , Rm, with only positive occurrences of R1, . . . , Rm, and, foreach i ≤ m, let xi be a sequence of variables matching the arity of Ri.Then

S :=

R1x1 := ψ1

...

Rmxm := ψm

is a system of update rules, which is used to build formulae [lfp Ri : S](t)and [gfp Ri : S](t) (for any tuple t of terms whose length matches thearity of Ri).

Semantics. On each structure A, S defines a monotone operatorSA = (S1, . . . , Sm) mapping tuples R = (R1, . . . , Rm) of relations on Ato SA(R) = (S1(R), . . . , Sm(R)) where Si(R) := a : (A, R) |= ψi(R, a).As the operator is monotone, it has a least fixed point lfp(SA) =

(R∞1 , . . . , R∞

m ). Now A |= [lfp Ri : S](a) if a ∈ R∞i . Similarly for greatest

fixed points.

As in the case of LFP, one can also extend IFP and PFP (definedin the next section) by simultaneous inductions over several formulae.In all of these cases, simultaneous fixed-point logics S-LFP, S-IFP andS-PFP are not more expressive than their simple variants. This canbe proven easily by taking a fixed-point over a relation R with biggerarity, e.g. one higher than the maximum arity of R1, . . . , Rm. The atomsRi(x) can then be replaced by R(ci, x) for chosen m constants c1, . . . , cm.The fixed-point of R is then sufficient to describe the simultaneousfixed-point of S, yielding the following.

Theorem 5.19. For every formula ϕ ∈ S-LFP (ϕ ∈ S-IFP,S-PFP) thereexists an equivalent formula ϕ ∈ LFP (ϕ ∈ IFP,PFP).

82

5.4 Partial Fixed-Point Logic


Another fixed-point logic that is relevant to finite structures is thepartial fixed-point logic (PFP). Let ψ(R, x) be an arbitrary formuladefining on a finite structure A a (not necessarily monotone) operatorFψ : R 7→ a : A |= ψ(R, a), and consider the sequence of its finitestages R0 := ∅, Rm+1 = Fψ(Rm).

This sequence is not necessarily increasing. Nevertheless, as A isfinite, the sequence either converges to a fixed point, or reaches a cyclewith a period greater than one. We define the partial fixed point of Fψ

as the fixed point that is reached in the former case, and as the emptyrelation otherwise. The logic PFP is obtained by adding to first-orderlogic the partial-fixed-point formation rule, which allows us to build fromany formula ψ(R, x) a formula [pfp Rx . ψ(R, x)](t), saying that t iscontained in the partial fixed point of the operator Fψ.

Note that if R occurs only positively in ψ, then

[lfp Rx . ψ(R, x)](t) ≡ [pfp Rx . ψ(R, x)](t),

so we have that LFP ≤ PFP. However, PFP seems to be much morepowerful than LFP. For instance, while a least-fixed-point induction onfinite structures always reaches the fixed point in a polynomial numberof iterations, a partial-fixed-point induction may need an exponentialnumber of stages.

Example 5.20. Consider the sequence of stages Rm defined by the for-mula

ψ(R, x) :=(

Rx∧∃y(y < x∧¬Ry))∨(¬Rx∧∀y(y < x → Ry)

)∨∀yRy

on a finite linear order (A,<). It is easily seen than the fixed pointreached by this induction is the set R = A, but before this fixed point isreached, the induction goes in lexicographic order through all possiblesubsets of A. Hence the fixed point is reached at stage 2n − 1, wheren = |A|.

83


Complexity. Although a PFP induction on a finite structure may gothrough exponentially many stages (with respect to the cardinality ofthe structure), each stage can be represented with polynomial storagespace. As first-order formulae can be evaluated efficiently, it follows bya simple induction that PFP-formulae can be evaluated in polynomialspace.

Proposition 5.21. For every formula ψ ∈ PFP, the set of finite modelsof ψ is in PSPACE; in short: PFP ⊆ PSPACE.

On ordered structures, one can use techniques similar to those usedin previous capturing results, to simulate polynomial-space-boundedcomputation by PFP-formulae.

Theorem 5.22 (Abiteboul, Vianu, and Vardi). On ordered finite struc-tures, PFP captures PSPACE.

Proof. It remains to prove that every class K of finite ordered structuresthat is recognizable in PSPACE, can be defined by a PFP-formula.

Let M be a polynomially space-bounded deterministic Turing ma-chine with state set Q and alphabet Σ, recognizing (an encoding of)an ordered structure (A,<) if and only if (A,<) ∈ K. Without loss ofgenerality, we can make the following assumptions. For input structuresof cardinality n, M requires space less than nk − 2, for some fixed k. Forany configuration C of M, let Next(C) denote its successor configura-tion. The transition function of M is adjusted so that Next(C) = C if,and only if, C is an accepting configuration.

We represent any configuration of M with a current stateq, tape inscription w1 · · ·wm, and head position i, by the word#w1 · · ·wi−1(qwi)wi+1 · · ·wm−1# over the alphabet Γ := Σ ∪ (Q× Σ) ∪#, where m = nk and # is merely used as an end marker to make thefollowing description more uniform. When moving from one configura-tion to the next, Turing machines make only local changes. We can there-fore associate with M a function f : Γ3 → Γ such that, for any configu-ration C = c0 · · · cm, the successor configuration Next(C) = c′0 · · · c′m isdetermined by the rules

c′0 = c′m = # and c′i = f (ci−1, ci, ci+1) for 1 ≤ i ≤ m− 1.

84


Recall that we encode structures so that there exist first-orderformulae βσ(y) such that (A,<) |= βσ(a) if and only the ath symbolof the input configuration of M for input code(()A,<) is σ. We nowrepresent any configuration C in the computation of M by a tupleC = (Cσ)σ∈Γ of k-ary relations, where

Cσ := a : the a-th symbol of C is σ.

The configuration at time t is the stage t + 1 of a simultaneous pfpinduction on (A,<), defined by the rules

C#y :=∀z(y ≤ z) ∨ ∀z(z ≤ y)

and, for all σ ∈ Γ− #,

Cσy :=(

βσ(y) ∧∧

γ∈Γ∀x¬Cγx

)∨

∃x∃z(

x + 1 = y ∧ y + 1 = z ∧∨

f (α,β,γ)=σ

Cαx ∧ Cβy ∧ Cγz))

The first rule just says that each stage represents a word starting andending with #. The other rules ensure that (1) if the given sequenceC contains only empty relations (i.e. if we are at stage 0), then thenext stage represents the input configuration, and (2) if the given se-quence represents a configuration, then the following stage representsits successor configuration.

By our convention, M accepts its input if and only the sequence ofconfigurations becomes stationary (i.e. reaches a fixed point). HenceM accepts code(()A,<) if and only if the relations defined by thesimultaneous pfp induction on A of the rules described above are non-empty. Hence K is PFP-definable. q.e.d.

5.4.1 Least Versus Partial Fixed-Point Logic

From the capturing results for PTIME and PSPACE we immediatelyobtain the result that PTIME = PSPACE if, and only if, LFP = PFP on

85


ordered finite structures. The natural question arises of whether LFPand PFP can be separated on the domain of all finite structures. For anumber of logics, separation results on arbitrary finite structures canbe established by relatively simple methods, even if the correspondingseparation on ordered structures would solve a major open problemin complexity theory. For instance, we have proved by quite a simpleargument that DTC ( TC, and it is also not very difficult to show thatTC ( LFP (indeed, TC is contained in stratified Datalog, which is alsostrictly contained in LFP). Further, it is trivial that LFP is less expressivethan Σ1

1 on all finite structures. However the situation is different forLFP vs. PFP.

Theorem 5.23 (Abiteboul and Vianu). LFP and PFP are equivalent onfinite structures if, and only if, PTIME = PSPACE.

5.5 Capturing PTIME up to Bisimulation

In mathematics, we consider isomorphic structures as identical. Indeed,it almost goes without saying that relevant mathematical notions donot distinguish between isomorphic objects. As classical algorithmicdevices work on ordered representations of structures rather than thestructures themselves, our capturing results rely on an ability to reasonabout canonical ordered representations of isomorphism classes of finitestructures.

However, in many application domains of logic, structures aredistinguished only up to equivalences coarser than isomorphism. Per-haps the best-known example is the modelling of the computationalbehaviour of (concurrent) programs by transition systems. The meaningof a program is usually not captured by a unique transition system.Rather, transition systems are distinguished only up to appropriatenotions of behavioural equivalence, the most important of these beingbisimulation.

In such a context, the idea of a logic capturing PTIME gets a newtwist. One would like to express in a logic precisely those properties ofstructures that are

86


(1) decidable in polynomial time, and

(2) invariant under the notion of equivalence being studied.

A class S of rooted transition systems or Kripke structures is invari-ant under bisimulation if, whenever K, v ∈ S and K, v ∼ K′, v′, then alsoK′, v′ ∈ S. We say that a class S of finite rooted transition systems is inbisimulation-invariant PTIME if it is invariant under bisimulation, andif there exists a polynomial-time algorithm deciding whether a givenpair K, v belongs to S. A logic L is invariant under bisimulation if allL-definable properties of rooted transition systems are.

Clearly, Lµ ⊆ bisimulation-invariant PTIME. However, as pointedout in Section 5.1, Lµ is far too weak to capture this class, mainlybecause it is essentially a monadic logic. Instead, we have to consider amultidimensional variant Lω

µ of Lµ.

But before we define this logic, we should explain the main tech-nical step, which relies on definable canonization, but of course withrespect to bisimulation rather than isomorphism. For simplicity ofnotation, we consider only Kripke structures with a single transitionrelation E. The extension to the case of several transition relations Ea isstraightforward.

With a rooted Kripke structure K = (V, E, (Pb)b∈B), u, we associatea new transition system

K∼u := (V∼u , E∼, (P∼b )b∈B),

where V∼u is the set of all ∼-equivalence classes [v] of nodes v ∈ V thatare reachable from u. More formally, let [v] denote the bisimulationequivalence class of a node v ∈ V. Then

V∼u := [v] : there is a path in G from u to v

P∼b := [v] ∈ V∼u : v ∈ Pb

E∼ := ([v], [w]) : (v, w) ∈ E.

The pair K∼u , [u] is, up to isomorphism, a canonical representant ofthe bisimulation equivalence class of K, u. To see this one can prove

87


that (1) (K, u) ∼ (K∼u , [u]), and (2) if (K, u) ∼ (G, v), then (K∼u , [u]) ∼=(G∼v , [v]).

It follows that a class S of rooted transition systems is bisimulation-invariant if and only if S = (K, u) : (K∼u , [u]) ∈ S. Let CR∼ be thedomain of canonical representants of finite transition systems, i.e.

CR∼ := K, u | (K∼u , [u]) ∼= (K, u).

Proposition 5.24. CR∼ admits LFP-definable linear orderings, i.e. forevery vocabulary τ = E ∪ Pb : b ∈ B, there exists a formulaψ(x, y) ∈ LFP(τ) which defines a linear order on every transitionsystem in CR∼(τ).

Proof. Recall that bisimulation equivalence on a transition system is agreatest fixed point. Its complement, bisimulation inequivalence, is aleast fixed point, which is the limit of an increasing sequence ∼i definedas follows: u ∼0 v if u and v do not have the same atomic type, i.e. ifthere exists some b such that one of the nodes u, v has the propertyPb and the other does not. Further, u ∼i+1 v if the sets of ∼i-classesthat are reachable in one step from u and v are different. The idea isto refine this inductive process, by defining relations ≺i that order the∼i-classes. On the transition system itself, these relations are pre-orders.The inductive limit ≺ of the pre-orders ≺i defines a linear order ofthe bisimulation equivalence classes. But in transition systems in CR∼,bisimulation classes have only one element, so ≺ actually defines alinear order on the set of nodes.

To make this precise, we choose an order on B and define ≺0 byenumerating the 2|B| atomic types with respect to the propositions Pb,i.e.

x ≺0 y :=∨

b∈B

(¬Pbx ∧ Pby ∧

∧b′<b

Pb′x ↔ Pb′y)

.

In other words, there is some b such that Pb separates x from y and forthe least such b, Pb holds on y and not on x.

88


In what follows, x ∼i y can formally be taken as an abbreviation for¬(x ≺i y ∨ y ≺i x), and similarly for x ∼ y. We define x ≺i+1 y by thecondition that either x ≺i y, or x ∼i y and the set of ∼i-classes reachablefrom x is lexicographically smaller than the set of ∼i-classes reachablefrom y. Note that this inductive definition of ≺ is not monotone, so itcannot be directly captured by an LFP-formula. However, as we knowthat LFP ≡ IFP, we can use an IFP-formula instead. Explicitly, ≺ isdefined by [ifp x ≺ y . ψ(≺, x, y)](x, y), where

ψ(≺, x, y) := x ≺0 y ∨(

x ∼ y∧

(∃y′ . Eyy′)((∀x′ . Exx′)x′ ∼ y′∧

(∀z.z ≺ y′)(∃x′′(Exx′′ ∧ x′′ ∼ z)↔

∃y′′(Eyy′′ ∧ y′′ ∼ z))))

.

q.e.d.

Corollary 5.25. On the domain CR∼, LFP captures PTIME.

Since LFP is not invariant under bisimulation, we will strengthenthe above result and capture bisimulation-invariant PTIME in terms ofa natural logic, the multidimensional µ-calculus Lω

µ .

Definition 5.26. The syntax of the k-dimensional µ-calculus Lkµ (for tran-

sition systems K = (V, E, (Pb)b∈B)) is the same as the syntax of theusual µ-calculus Lµ with modal operators ⟨i⟩, [i], and ⟨σ⟩, [σ] for everysubstitution σ : 1, . . . , k → 1, . . . , k. Let S(k) be the set of all thesesubstitutions.

The semantics is different, however. A formula ψ of Lkµ is in-

terpreted on a transition system K = (V, E, (Pb)b∈B) at node v byevaluating it as a formula of Lµ on the modified transition system

Kk = (Vk, (Ei)1≤i≤k, (Eσ)σ∈S(k), (Pb,i)b∈B,1≤i≤k)

89


at node v := (v, v, . . . , v). Here Vk = V × · · · ×V and

Ei := (v, w) ∈ Vk ×Vk : (vi, wi) ∈ E and vj = wj for j = i

Eσ := (v, w) ∈ Vk ×Vk : wi = vσ(i) for all i

Pb,i := v ∈ Vk : vi ∈ Pb

That is, K, v |=Lkµ

ψ iff Kk, (v, . . . , v) |=Lµψ. The multidimensional µ-

calculus is Lωµ =

⋃k<ω Lk

µ.

Remark. Instead of evaluating a formula ψ ∈ Lkµ at single nodes

v of G, we can also evaluate it at k-tuples of nodes: K, v |=Lkµ

ψ iff

Kk, v |=Lµψ.

Example 5.27. Bisimulation is definable in L2µ (in the sense of the remark

just made). Let

ψ∼ := νX .(∧

b∈B(Pb,1 ↔ Pb,2) ∧ [1]⟨2⟩X ∧ [2]⟨1⟩X

).

For every transition system K, we have that K, v1, v2 |= ψ∼ if, and onlyif, v1 and v2 are bisimilar in K. Further, we have that

K, v |= µY . ⟨2⟩(ψ∼ ∨ ⟨2⟩Y)

if, and only if, there exists in K a point w that is reachable from v (by apath of length ≥ 1) and bisimilar to v.

One can see that Lωµ is invariant under bisimulation (because if

K, vi ∼ G, ui for all i then also Kk, v ∼ G, u) and that Lωµ can be embed-

ded in LFP. This establishes the easy direction of the desired result:Lω

µ ⊆ bisimulation-invariant PTIME.For the converse, it suffices to show that LFP and Lω

µ are equivalenton the domain CR∼. Let S be a class of rooted transition systems inbisimulation-invariant PTIME. For any K, u, we have that K, u ∈ S ifits canonical representant K∼u , [u] ∈ S. If LFP and Lω

µ are equivalenton CR∼, then there exists a formula ψ ∈ Lω

µ such that K∼u , [u] |= ψ

iff K∼u , [u] ∈ S. By the bisimulation invariance of ψ, it follows thatK, u |= ψ iff K, u ∈ S.

90


The width of an LFP-formula ϕ is the maximal number of freevariables occuring in a subformula of ϕ.

Proposition 5.28. On the domain CR∼, LFP ≤ Lωµ . More precisely, for

each formula ψ(x1, . . . , xk) ∈ LFP of width ≤ k, there exists a formulaψ∗ ∈ Lk+1

µ such that for each K, u ∈ CR∼, we have that K |= ψ(u, v) iffK, u, v |= ψ∗.

Note that although, ultimately, we are interested only in formulaeψ(x) with just one free variable, we need more general formulae, andevaluation of Lk

µ-formulae over k-tuples of nodes, for the inductivetreatment. In all formulae, we shall have at least x1 as a free variable,and we always interpret x1 as u (the root of the transition system).We remark that, by an obvious modification of the formula given inExample 5.27, we can express in Lk

µ the assertion that xi ∼ xj for anyi, j.

Atomic formulae are translated from LFP to Lωµ according to

(xi = xj)∗ := xi ∼ xj

(Pbxi)∗ := Pb,ix

(Exixj)∗ := ⟨i⟩xi ∼ xj

(Xxσ(1) · · · xσ(r))∗ := ⟨σ⟩X.

Boolean connectives are treated in the obvious way, and quantifiersare translated by use of fixed points. To find a witness xj satisfying aformula ψ, we start at u (i.e. set xj = x1), and search along transitions(i.e. use the µ-expression for reachability). That is, let j/1 be thesubstitution that maps j to 1 and fixes the other indices, and translate∃xjψ(x) into

⟨j/1⟩µY . ψ∗ ∨ ⟨j⟩Y.

Finally, fixed points are first brought into normal form so that variablesappear in the right order, and then they are translated literally, i.e.[lfp Xx . ψ](x) translates into µX . ψ∗.

The proof that the translation has the desired property is a straight-

91


forward induction, which we leave as an exercise. Altogether we haveestablished the following result.

Theorem 5.29 (Otto). The multidimensional µ-calculus capturesbisimulation-invariant PTIME.

Otto has also established capturing results with respect to otherequivalences. For finite structures A,B, we say that A ≡k B if no first-order sentence of width k can distinguish between A and B. Similarly,A ≡C

k B if A and B are indistinguishable by first-order sentences ofwidth k with counting quantifiers of the form ∃≥ix, for any i ∈N.

Theorem 5.30 (Otto). There exist logics that effectively capture ≡2-invariant PTIME and ≡C

2 -invariant PTIME on the class of all finitestructures.

92

6 Fixed-point logic with counting

The (machine-independent) characterisation of complexity classes bylogics (in the sense of Definition 3.4) yields deep insights into thestructure of the classified problems. The theorem of Fagin (cf. Chapter 3)is a seminal result in the field of descriptive complexity theory, andgives such a correspondence between algorithmic and logical resourcesfor the important class NP. If we restrict to ordered structures, wecan also find such characterisation for PTIME as shown e.g. in theImmerman-Vardi theorem (cf. Chapter 4). However, it is still one of themajor open questions in finite model theory whether there is a logiccapturing PTIME on all finite structures. Note that if no such logicexists this would necessarily imply PTIME = ∃SO = NP.

As we will see, fixed-point logics, such as LFP or IFP, do not sufficeto capture PTIME on arbitrary structures, and most of the naturallyconsidered examples to separate them from PTIME involve some kindof counting. For instance, the simple class EVEN = A : |A| is eventurns out to be not definable in LFP. Therefore Immerman proposedthat counting quantifiers should be added to logics and asked whethera suitable variant of fixed-point logic with counting would suffice tocapture PTIME.

Although Cai, Fürer and Immerman eventually answered thisquestion negatively, the extension of fixed-point logic by countingterms (FPC) has turned out to be an important and robust logic, thatdefines a natural level of expressiveness. In this chapter we study thelogic FPC and present the construction of Cai, Fürer and Immermanwhich yields the separation of FPC from PTIME. To be precise, weeven present a slightly more general result which uses the concept oftreewidth and which is due to Dawar and Richerby.

93


6.1 Logics with Counting Terms

There are different ways of adding counting mechanisms to a logic,which are not necessarily equivalent. The most straightforward pos-sibility is the addition of quantifiers of the form ∃≥2, ∃≥3, etc., withthe obvious meaning. While this is perfectly reasonable for bounded-variable fragments of first-order logic or infinitary logic it does notincrease the expressiveness of logics such as FO or LFP, since they areclosed under the replacement of ∃≥i by i existential quantifiers. Forfixed-point logic another severe restriction is that it does not allow forrecursion over the counting parameters i in quantifiers ∃≥ix. Thesecounting parameters should therefore be considered as variables thatrange over natural numbers. To define in a precise way a logic withcounting and recursion, one extends the original objects of study, namelyfinite (one-sorted) structures A, to two-sorted auxiliary structures A∗

with a second numerical (but also finite) sort.

Definition 6.1. With any one-sorted finite structure A with universe A,we associate the two-sorted structure A∗ := A ∪ ⟨0, . . . , |A|;≤, 0, e⟩,where ≤ is the canonical ordering on 0, . . . , |A|, and 0 and e stand forthe first and the last element. Thus, A∗ is the disjoint union of A with alinear order of length |A|+ 1.

For all logics we studied so far, we naturally obtain two-sorted vari-ants definining properties of the extended structures A∗. For instance,formulas of two-sorted first-order logic over two-sorted vocabulariesσ ∪ ≤, 0, e are evaluated in structures A∗ where semantics are definedin the obvious way. From now on, we stick to the convention to useLatin letters x, y, z, . . . for the variables over the first sort, and Greekletters λ, µ, ν, . . . for variables over the second sort (the numerical sort).In counting logics, these two sorts are related by counting terms, definedby the following rule. Let ϕ(x) be a formula with a variable x (over thefirst sort) among its free variables. Then #x[ϕ] is a term in the secondsort, with the set of free variables free(#x[ϕ]) = free(ϕ) − x. Thevalue of #x[ϕ] is the number of elements a that satisfy ϕ(a).

We introduce counting logics starting with first-order logic with

94

6.2 Fixed-Point Logic with Counting

counting, denoted by FOC, which is the closure of two-sorted first-order logic under counting terms. Here are two simple examples thatillustrate the use of counting terms.

Example 6.2. On an undirected graph G = (V, E), the formula∀x∀y(#z[Exz] = #z[Eyz]) expresses the assertion that every node hasthe same degree, i.e., that G is regular.

Example 6.3. We present below a formula ψ(E1, E2) ∈ FOC which ex-presses the assertion that two equivalence relations E1 and E2 areisomorphic; of course a necessary and sufficient condition for this isthat for every i, they have the same number of elements in equivalenceclasses of size i:

ψ(E1, E2) ≡ (∀µ)(#x[#y[E1xy] = µ] = #x[#y[E2xy] = µ]).


We now define (inflationary) fixed point logic with counting (FPC) andpartial fixed point logic with counting PFPC by adding to FOC the usualrules for building inflationary or partial fixed points, ranging over bothsorts.

Definition 6.4. Inflationary fixed point logic with counting, FPC, is theclosure of two-sorted first-order logic under the following rules:

(1) The rule for building counting terms.

(2) The usual rules of first-order logic for building terms and formulae.

(3) The fixed-point formation rule. Suppose that ψ(R, x, µ) is a formulaof vocabulary τ ∪ R where x = x1, . . . , xk, µ = µ1, . . . , µℓ, and Rhas mixed arity (k, ℓ), and that (u, ν) is a k + ℓ-tuple of first- andsecond-sort terms, respectively. Then

[ifp Rxµ . ψ](u, ν)

is a formula of vocabulary τ.

The semantics of [ifp Rxµ . ψ] on A∗ is defined in the same way as

95


for the logic IFP, namely as the inflationary fixed point of the operator

Fψ : R 7−→ R ∪ (a, i) | (A∗, R) |= ψ(a, i).

The definition of PFPC is analogous, where we replace inflationaryfixed points by partial ones. In the literature, one also finds differentvariants of fixed-point logic with counting where the two sorts arerelated by counting quantifiers rather than counting terms. Countingquantifiers have the form (∃i x) for ‘there exist at least i different x’,where i is a second-sort variable. It is obvious that the two definitionsare equivalent. In fact, FPC is a very robust logic. For instance, itsexpressive power does not change if one permits counting over tuples,even of mixed type, i.e. terms of the form #x,µ ϕ (see exercise class). Onecan of course also define least fixed-point logic with counting, LFPC,but one has to be careful with the positivity requirement (which is morenatural when one uses counting quantifiers rather than counting terms).The equivalence of LFP and IFP readily translates to LFPC ≡ IFPC.

Example 6.5. An interesting example of an FPC-definable query is themethod of stable colourings for graph-canonization. Given a graph Gwith a colouring f : V → 0, . . . , r of its vertices, we define a refine-ment f ′ of f , giving to a vertex x the new colour f ′x = ( f x, n1, . . . , nr)

where ni = #y[Exy ∧ ( f y = i)]. The new colours can be sorted lex-icographically so that they again form an initial subset of N. Thenthe process can be iterated until a fixed point, the stable colouring ofG is reached. It is easy to see that the stable colouring of a graph ispolynomial-time computable and uniformly definable in FPC.

On many graphs, the stable colouring uniquely identifies eachvertex, i.e. no two distinct vertices (i.e. vertices in different orbits of theautomorphism group) get the same stable colour. In this way stablecolourings provide a polynomial-time graph canonization algorithm forsuch classes of graphs. For instance, this is the case for the class of alltrees or, more generally, any class of graphs with bounded treewidth.

We now discuss the expressive power and evaluation complex-ity of fixed-point logic with counting. We are mainly interested inFPC-formulae and PFPC-formulae without free variables over the sec-

96


ond sort, so that we can compare them with the usual logics withoutcounting.

Exercise 6.1. Even without making use of counting terms, IFP overtwo-sorted structures A∗ is more expressive than IFP over A. To provethis, construct a two-sorted IFP-sentence ψ such that A∗ |= ψ if, andonly if, |A| is even.

It is clear that counting terms can be computed in polynomial-time.Hence the data complexity remains in PTIME for FPC and in PSPACEfor PFPC. We shall see below that these inclusions are strict.

Theorem 6.6. On finite structures,

(1) IFP ( FPC ( PTIME.(2) PFP ( PFPC ( PSPACE.

6.2.1 Infinitary Logic with Counting

Let Ck∞ω be the infinitary logic with k variables Lk

∞ω , extended by thequantifiers ∃≥m (‘there exist at least m’) for all m ∈ N. Further, letCω

∞ω :=⋃

k Ck∞ω .

Proposition 6.7. PFPC ⊆ Cω∞ω .

Due to the two-sorted framework, the proof of this result is a bitmore involved than for the corresponding result without counting, butnot really difficult (see exercise class).

The separation of FPC from PTIME has been established by Cai,Fürer, and Immerman. Their proof also provides an analysis of themethod of stable colourings for graph canonization. We have describedthis method in its simplest form in Example 6.1. More sophisticatedvariants compute and refine colourings of k-tuples of vertices. This iscalled the k-dimensional Weisfeiler–Lehman method and, in logical terms,it amounts to labelling each k-tuple by its type in k + 1-variable logicwith counting quantifiers. It was conjectured that this method couldprovide a polynomial-time algorithm for graph isomorphism, at leastfor graphs of bounded degree. However, Cai, Fürer, and Immermanwere able to construct two families (Gn)n∈N and (Hn)n∈N of graphs

97


such that on one hand, Gn and Hn have O(n) nodes and degree three,and admit a linear-time canonization algorithm, but on the other hand,in first-order (or infinitary) logic with counting, Ω(n) variables arenecessary to distinguish between Gn and Hn. In particular, this impliesTheorem 6.6.

6.3 The k-pebble bijection game

In Chapter 2 we introduced Ehrenfeucht-Fraïssé games to characterizethe equivalence of structures (or, to put it in another way, definability ofclasses) in first-order logic. More specifically, two relational structures Aand B can be distinguished by an FO-sentence of quantifier-rank ≤ m if,and only if, Spoiler has a winning strategy in the m-move Ehrenfeucht-Fraïssé game played on A and B which was denoted by EFm(A,B).

Our next aim is to introduce the k-pebble bijection game which isan extension of the standard Ehrenfeucht-Fraïssé game to capture de-finability in Cω

∞ω . We will use these games to show that a certain(polynomial-time decidable) class of graphs is not definable in Cω

∞ω . Inparticular, this yields the separation of FPC from PTIME by Proposi-tion 6.7.

Definition 6.8. The k-pebble bijection game k-BG(A,B) is a two-playergame played on relational structures A and B using k pairs of peb-bles (x1, y1), . . . , (xn, yn) that can be placed on pairs of elements(a1, b1), . . . , (an, bn) ∈ A× B during a play. The goal of Player I, who iscalled Spoiler, is to show that A ≡Ck

∞ω B while Player II, the Duplicator,claims that A ≡Ck

∞ω B.

A position in the game k-BG(A,B) is a (partial) assignment(a1, b1), . . . , (an, bn) of pebbles on A × B, so formally, a position is a(partial) mapping p : 1, . . . , k → A× B. The initial position is p = ∅.

At position p a play proceeds as follows: First, Spoiler selects apair of pebbles i ≤ k. Duplicator has to react with a bijection h : A→ Bwhich respects all remaining pairs of pebbled elements (except for i), i.e.for all i = j ∈ dom(p) and p(j) = (aj, bj) we have h(aj) = bj. Spoiler

98

6.3 The k-pebble bijection game

then chooses a ∈ A and the position is updated to (p|i 7→ (ai, bi)) where

(p|i 7→ (ai, bi))(j) :=

p(j) j = i

(a, h(a)) j = i..

Spoiler wins a play, if either |A| = |B| (i.e. Duplicator cannot respondwith a bijection), or the play eventually reaches a position p such thatthe induced mapping p(1, . . . , k) is not a partial isomorphism ofA and B, i.e. if p(1, . . . , k) ∈ Loc(A,B). Infinite plays are won byDuplicator.

Theorem 6.9. If Duplicator wins the game k-BG(A,B), then A ≡Ck∞ω B.

Proof. We prove by induction that for all formulae ϕ(x1, . . . , xk) ∈ Ck∞ω ,

structures A and B and all a1, . . . , ak ∈ A and b1, . . . , bk ∈ B we havethat if A |= ϕ(a1, . . . , ak) and B |= ϕ(a1, . . . , ak) then Spoiler has awinning strategy for k-BG(A,B) starting from position p(i) = (ai, bi).

The cases of quantifier-free formulae, Boolean connectivities andfirst-order quantifier follow as in the case of Ehrenfeucht-Fraïssé games(cf. lecture notes of mathematical logic). Hence, we only considerϕ = ∃≥ixjψ(x1, . . . , xk). For this case, a winning strategy for Spoilercan be defined in the following way:

• Spoiler selects the pair j ≤ k.

• Duplicator reacts with a bijection h : A→ B respecting the remain-ing pebbled pairs.

We set X = a ∈ A : A |= ψ(a1, . . . , an) and Y = b ∈ B : B |=ψ(b1, . . . , bn). From the assumption we know that |X| ≥ i and |Y| <i, hence there is an a ∈ X such that h(a) ∈ Y. Spoiler selects theelement a and the position is updated to (p|j 7→ (aj, bj)). As we haveA |= ϕ(a1, . . . , an) and B |= ϕ(b1, . . . , bj−1, h(a), bj+1, . . . , bn) the claimfollows by induction. q.e.d.

We can use Theorem 6.9 to show that a class K of finite structuresis not definable in Cω

∞ω . In particular, note that K ∈ Cω∞ω also implies

that K ∈ FPC since we have FPC ≤ Cω∞ω .

99


Proposition 6.10. Let (Ak)k≥1 and (Bk)k≥1 be two sequences of struc-tures such that for infinitely many k we have Ak ∈ K, Bk ∈ K andDuplicators wins k-BG(Ak,Bk). Then K cannot be defined in Cω

∞ω .

6.4 The construction of Cai, Fürer and Immerman

We now present the construction of Cai, Fürer and Immmerman whichyields the separation of FPC from PTIME. Throughout this section, letG = (V, E) denote a connected graph with deg(v) ≥ 2 for all v ∈ V.Starting from G we define a family of graphs (XS(G))S⊆E that result byreplacing every vertex v in a G by a gadget Z(v) and interconnectingdifferent gadgets according to edge relation in G.

For every v we define the set of new vertices Z(v) as

Z(v) := avw, bvw, cvw, dvw : w ∈ vE ∪ vX : X ⊆ vE, |X| even.

Vertices of the form avw, bvw are called outer vertices and they areintended to connect the two gadgets Z(v) and Z(w). The verticescvw, dvw are colour vertices which are used only to make the set of outernodes first-order definable. The remaining vertices vS are called theinner vertices.

Let X∅(G) denote the graph over the vertex set⋃

v∈V Z(v) withthe following edges:

• (avw, cvw), (bvw, cvw), (dvw, cvw) for (v, w) ∈ E,• (avw, vX) for w ∈ X,• (bvw, vX) for w ∈ X, and• (avw, awv) and (bvw, bwv) for all (v, w) ∈ E.

In Figure 6.1 the construction of a gadget Z(v) is illustrated for thecase of a vertex v with degree three. The pairs of outer nodes avx, bvx,avy, bvy and avz, bvz are connected to the corresponding outer nodes ofthe gadgets Z(x), Z(y) and Z(z), respectively (this is indicated by thedashed lines in the figure).

We now extend the construction: for any (symmetric) set S ⊆ Ewe define XS(G) to be the graph X∅(G) in which for all (v, w) ∈ S theedges (avw, awv) and (bvw, bwv) are replaced by (avw, bwv) and (awv, bwv).

100


v

xy

z

v∅ vx,y vx,z vy,z

Figure 6.1. Example: gadget for a vertex v of degree three

We say that the edges in S have been twisted. In this way we obtain forevery subset S ⊆ E of edges a CFI-graph XS(G). Interestingly, we aregoing to show that these CFI-graphs XS(G) are completely determinedby the parity of the set S:

Lemma 6.11. For all S, T ⊆ E we have:

XS(G) ∼= XT(G) ⇔ |S| ≡ |T| mod 2.

Before we prove this claim in general, we consider some specialcases. First of all, let all twisted edges be incident with a single vertex v.

Lemma 6.12. Let S, T ⊆ vE be sets of neighbours of some vertex v ∈ V.If S∆T = (S \ T) ∪ (T \ S) is even, then

Xv×S(G) ∼= Xv×T(G).

Proof. The mapping πv;S;T : Xv×S(G)→ Xv×T(G) defined by

πv;S;T(z) :=

z, z ∈ Z(v) or z colour vertex,

z, z ∈ avw, bvw, (v, w) ∈ S ∩ T,

bvw, z = avw, (v, w) ∈ S∆T,

avw, z = bvw, (v, w) ∈ S∆T,

vX∆(S∆T), z = vX ,

is an isomorphism (use that since X and S∆T are even, the same holdsfor the symmetric difference X∆(S∆T)). q.e.d.

101


We proceed to explain how one obtains an isomorphism betweenXe(G) and X f (G) for two distinct edges e and f of G.

Lemma 6.13. Xe(G) ∼= X f (G).

Proof. If e and f are incident with the same vertex v, then the claimfollows by Lemma 6.12. Hence, let e = (u, v) and f = (x, y) be such thatu, v ∩ x, y = ∅. Choose a path v = v1, v2, . . . , vℓ = x connecting vand x with vi ∈ u, y for all i ≥ 1. Then

πe 7→ f := πv1;u;v2 πv2;v1;v3 · · · πvl−1;vl−2;x πvl ;vl−1;y,

is an isomorphism of Xe(G) ∼= X f (G): the twist at edge (u, v) ismoved along the path to the twist at edge (x, y) where both twistscancel out each other. Note than along the path, at every inner node vi

we have precisely two twists of edges for the gadget Z(vi) which, againby Lemma 6.12, preserves the structure of the inner nodes. q.e.d.

We are now ready to prove Lemma 6.11.

Proof (of Lemma 6.11). First of all, let |S| ≡ |T| mod 2. If |S| = |T| = 1,then the claim follows by Lemma 6.13, so assume that |S| ≥ 2 (oranalogously, |T| ≥ 2). Choose e, f ∈ S with e = f . If e and f areincident with the same vertex v ∈ V we know that XS\e, f (G) ∼= XS(G)

by Lemma 6.13. In the other case, we use the isomorphism πe 7→ f andsee that XS\e, f (G) ∼= XS(G). The claim follows by induction on |S∆T|.

For the other direction assume that π : X f=(x,y)(G)→ X∅(G) isan isomorphism. Clearly, π maps outer (inner, colour) nodes to outer(inner, coulour) nodes, and since π also induces an isomorphism ofG, we can assume that for all v ∈ V we have π(Z(v)) = Z(v) andπ(avw, bvw) = avw, bvw for all (v, w) ∈ E. At this point we observethat if π interchanges avw and bvw it necessarily interchanges awv andbwv for all edges (v, w) ∈ E except for (x, y). Hence, the total numberof interchanges of a’s and b’s in π is odd. This contradicts, Lemma 6.12,however, as the number of interchanges of a’s and b’s in π for eachgadget has to be even. q.e.d.

102


We conclude that, up to isomorphism, there are precisely twoCFI-graphs for G and we fix two canonical representatives from theisomorphism classes:

• X(G) := X∅(G) (the even CFI-graph for G)• X(G) := Xe(G) for some edge e ∈ E (the odd CFI-graph for G)

The CFI-query is to decide, given a CFI-graph XS(G), whether XS(G) iseven or odd, i.e. whether XS(G) ∼= X(G) or XS(G) ∼= X(G).

Theorem 6.14. The CFI-query can be decided in polynomial time.

Proof. In order to count the number of twists, we need to identify thea and b-vertices. To this end it suffices to fix in every gadget Z(v)an arbitrary inner node and to associate the intended labeling to thegadget Z(v) (e.g. declare this node to be v∅ and assign to all connectedvertices b-labels and to the remaining outer ones a-labels). Then it isstraightforward to count the number of twists modulo two. Lemma 6.11guarantees that the isomorphism class of the resulting a, b-labeledgraph is independent of the initial choice of inner vertices. q.e.d.

We conclude that the even and odd CFI-graphs can be distin-guished in polynomial time. However, we are going to show that theycannot be separated by sentences in Cω

∞ω if we start from a class ofgraphs G with sufficient complexity. In order to measure the complex-ity of graphs we introduce the important and well-studied concept oftreewidth. Intuitively the treewidth of a graph formalises to what extentan (undirected) graph resembles a tree, and one of the reasons for its im-portance is that many NP-hard problems (and even some PSPACE-hardones) become tractable on classes of graphs with bounded treewidth.There are various equivalent ways to characterize the treewidth of agraph, of which we sketch two: an algebraic and a game theoreticapproach.

Definition 6.15. Let G = (V, E) be an undirected graph. A tree decom-position of G is an undirected tree T = (T, ET) where T is a family ofsubsets of V, i.e. T ⊆ P(V) and

(a)⋃

T = V, and

103


(b) for all (u, v) ∈ E there is some X ∈ T so that u, v ⊆ X, and

(c) for every vertex v ∈ V the set X ∈ T : v ∈ X is connected in T .

Nodes in the tree T are called bags. The width of the tree decompo-sition T = (T, ET) is (max|X| : X ∈ T − 1), and the treewidth of G,denoted by tw(G), is defined to be the minimal width for which a treedecomposition of G exists.

Next, we describe a game which characterises the notion oftreewidth. The k-cops and robber game on G is played by two play-ers, Player I (the cops) and Player II (the robber). The rules are asfollows: the cops possess k pebbles (cops) which they can place onvertices of the graph. The robber has one pebble which is moved alongpaths. In each move the cops first choose some pebble which is eithercurrently not placed on a vertex of the graph or which is removed fromits current position w. Secondly, the cops determine a vertex v to be thenew position for this pebble. After that, the robber reacts by movinghis pebble along a path to a new vertex (which may be the old one).The chosen path has to be cop-free where the vertices v and w count ascop-free for the current move. The cops win a play if, and only if, theycan reach a position such that the robber cannot move. All other plays,i.e. all infinite ones, are won by the robber.

Seymour proved that a graph G has treewidth k if, and only if, thecops have a winning strategy in the game with k + 1 pebbles, but therobber wins the game if the cops are restricted to k pebbles. We use thisgame-theoretic characterisation of to show:

Theorem 6.16. Let G = (V, E) be graph with δ(G) ≥ 2 and tw(G) ≥ k.Then

X(G) ≡Ck∞ω X(G).

Proof. For two vertices u, v let σ[u, v] be the permutation which ex-changes u and v and fixes all other points. We say that a bijectionh : X(G)→ X(G) is good except at node u ∈ V if

• h(Z(v)) = Z(v) for all v ∈ V,

104


• h maps inner vertices to inner vertices and outer vertices to outervertices,

• h is an isomorphism between the subgraphs X(G) \ vX : X ⊆ vEand X(G) \ vX : X ⊆ vE, and

• for every pair (auv, buv) ∈ Z(u), the mapping h σ[auv, buv] is anisomorphism from X(G)[Z(u)] to X(G)[Z(u)].

Let X(G) = X(u,v)(G). Then for instance σ[auv, buv] is good exceptat u and σ[avu, bvu] is good except at v. Note that if η ∈ Aut(X(G))

with η(Z(v)) = Z(v) for all v ∈ V and h is good except at vertex u,then h η is good except at u as well.

The property of being good at some vertex can be propagatedalong path in G: let P be a simple path in G from u to v, P : u =

v1, v2, . . . , vl−1, vl = v, and let h be a bijection which is good except atvertex u. Then the bijection h′ := h ηP where

ηP := σ[auv2 , buv2 ] πv2;v1;v3 · · · πvl−1;vl−2;vomel σ[avvl−1 , bvvl−1 ],

is good except at v and for w ∈ P, x ∈ Z(w) we have h′(x) = h(x).

Finally, we describe a winning strategy for Duplicator in the k-pebble bijection game played on X(G) and X(G). The strategy satisfiesthat pairs of pebbles (ai, bi) are always placed on vertices in a commongadget Z(v). First of all, we initialize an instance of the k-cops androbber game played on G where we identify each of the k pairs ofpebbles with one of the cops, and we assume that the robber makes hismoves according to a fixed winning strategy (recall that tw(G) ≥ k).The positions in the two games are related as follows: the vertex in Goccupied by the i-th cop is precisely the vertex v ∈ V for which thecorresponding gadget Z(v) in X(G) and ˜X(G) is pebbled with the i-thpair (ai, bi) of pebbles in the k-pebble bijection game. We update thepositions in the cops and robber game after each round of the k-pebblebijection game accordingly. Furthermore, whenever the robber is atsome vertex v ∈ V, then Duplicator chooses in her current move somebijection which is good except at vertex v. For convenience, we assumethat the robber starts at node u, and that in the first round Duplicator

105


answers with the bijection σ[auv, buv]. Recall that this bijection is goodexcept at vertex u.

We proceed to show that Duplicator can maintain the followinginvariant during each play: let ((a1, . . . , ak), (b1, . . . , bk)) be the currentposition in the k-pebble bijection game, then

there is a bijection g : X(G)→ X(G) with g(ai) = bi for i ≤ k such thatg is good except at a vertex u ∈ V and for i ≤ k we have ai, bi ∈ Z(u)

(u is the robber’s position in the cops and robber game).

This can be seen as follows: assume Spoiler chooses the i-th pair ofpebbles. Duplicator answers with the bijection g and Spoiler puts thei-th pair of pebbles onto some tuple (a, g(a)). By the condition on g ofbeing good except at u, the new position in the k-pebble bijection gameis indeed a partial isomorphism (g is an isomorphism except at gadgetZ(u), and Spoiler would need more than one pebble there to uncoverthe difference). The move of Spoiler induces an update for the ith copin the cops and robber game, which yields a respond of the robberaccording to his winning strategy, i.e. a move along a cop-free path Pto some vertex v. Hence, as shown above, the bijection g′ := g ηP

respects all pebbled pairs of elements and is good except at v. Since,Z(v) is cop-free (and hence not pebbled), the claim follows. q.e.d.

Theorem 6.17. FPC ( PTIME on every class of graphs which containsCFI-graphs X(G) and X(G) for graphs G of arbitrary large treewidth.

In fact, Grohe and Marino proved that FPC ≡ PTIME on everyclass of graphs with bounded treewidth. Their theorem allows us toreformulate the result in a very neat way.

We first observe that the treewidth of X(G) is bounded by(O)(tw(G)): from a tree-decomposition of G one obtains a tree de-composition of X(G) by replacing in all bags the vertices by theircorresponding gadgets. Furthermore, the size of a gadget Z(v) in X(G)

is bounded by (4∆(G) · 2∆(G)−1) ∈ O(∆(G)). Now let Gn be the n× ngrid, then tw(Gn) = n, ∆(Gn) = 4 and

tw(X(G)) ≤ (4∆(G) · 2∆(G)−1) tw(Gn) = 24n ∈ O(|G|).

106


For a function f : N→N we define the class of graphs

TW f := G : tw(G) ≤ f (|G|).

Theorem 6.18. FPC ≡ PTIME on TW f if, and only if, f ∈ O(1).

Proof. The direction from right two left is mentioned theorem due toMarino and Grohe. For the other direction, assume f ∈ O(1); then forevery n > 0, there exists k > |X(Gn)| with f (k) ≥ 24n. Hence, TW f

contains X(Gn) and X(Gn) for every n ≥ 0. q.e.d.

107

7 Zero-one laws

Introduction, maybe we can use the introduction from the seminar?

7.1 Random graphs

We consider the class Gn of (undirected) graphs over 0, . . . , n− 1, i.e.

Gn := G = (V, E) : G graph, V = 0, . . . , n− 1,

In order to introduce random graphs we consider a sequence of proba-bility distributions µ = (µ1, µ2, . . . ) on (G1,G2, . . . ), i.e. µn : Gn → [0, 1]and ∑G∈Gn

µ(G) = 1 for all n ≥ 1. This defines a sequence of prob-ability spaces (G1, µ1), (G2, µ2), . . . on classes of graphs of increasingsize.

Example 7.1.

(1) The uniform distribution µn assigns equal probability to each graph:

µn(G) =1

2(n2)

.

(2) Let p : N→ [0, 1] be an arbitrary mapping. Then the probabilityspace Gn,p = (Gn, µp,n) is defined by the following random experi-ment: determine for every pair (u, v) with 0 ≤ u < v < n whether(u, v) ∈ E using a random variable X taking values 0, 1 (False andTrue) with Pr[X = 1] = p(n) and Pr[X = 0] = (1− p(n)). Observethat for p = 1

2 one obtains the uniform distribution.

We make the following convention: unless otherwise stated, µn denotesthe uniform distribution. For a class K of graphs we set

µn(K) := µn(K ∩ Gn) = ∑G∈K∩Gn

µn(G).

109

7 Zero-one laws

This definition formalises what it means that a random graph G ∈Gn has a certain property K. However, in what follows, we are notinterested in random graphs of some fixed size n ∈N but much morein the behaviour of the probability µn(K) if we increase the size ofgraphs, i.e. if we let n approach infinity.

Definition 7.2. The asymptotic probability of a class K of graphs (withrespect to µ) is defined as

µ(K) := limn→∞

µn(K),

in the case that this sequence has a limit. In particular, if ψ is a sentenceover vocabulary E in some logic L, then the asymptotic probability ofψ (with respect to µ) is defined as

µ(ψ) := limn→∞

µn(G ∈ Gn : G |= ψ,

again only for the case that the limit exists.

Example 7.3.

(1) Let K = G : G is a clique. Then

limn→∞

µn(K) = limn→∞

1

2(n2)

= 0.

(2) Let H be a graph and let KH = G : G contains H as subgraph.For n > k · |H| we have

µn(KH) ≥ 1− (1− (2−|E(H)|))k,

hence µ(KH) = 1 since k→ ∞ for n→ ∞.(3) Let K = G : G is three-colourable. Then

limn→∞

µn(K) ≤ 1− limn→∞

µn(G ∈ Gn : G contains K4) = 0.

(4) Recall that we have limn→∞ µn(G : (3, 17) ∈ E) = 12 .

(5) The asymptotic probability is not defined for every class of graphs.For instance, consider K = G : G has an even number of nodes.Then the sequence (µn(K))n≥1 = (0, 1, 0, 1, . . . ) has no limit.

110

7.2 Zero-one law for first-order logic


In this section we prove the zero-one law for first-order logic:

Theorem 7.4. For sentences ψ ∈ FO (over relational vocabulary) wehave

µ(ψ) = 0 or µ(ψ) = 1.

To put it in words, every first-order definable property of graphs eitherholds almost never or almost surely on random graphs of increasing size.

Definition 7.5. An atomic graph k-type is a maximal consistent set t ofFO(E)-literals in variables x1, . . . , xk, i.e. Exixj,¬Exixj, xi = xj, xi =xj, which is consistent with the graph axioms (∀x1∀x2(¬Ex1x1 ∧Ex1x2 ↔ Ex2x1). Furhtermore, for a graph G = (V, E) and a ∈ Vk wedefine the atomic graph k-type of a by

tG(a) := ϕ(xi, xj) : ϕ an FO(E)-literal such that G |= ϕ(ai, aj).

Formally, an atomic k-type t is a set but we frequently identifyit with the formula t(x) =

∧ϕ∈t ϕ(x) (this formula is an FO-formula,

since there are only finitely many E-literals in k variables).

In what follows, let s(x) and t(x) denote atomic graph types oftuples of distinct elements, i.e. s, t |= ∧

i<j≤k xi = xk. We say thatan atomic (m + 1)-type t(x1, . . . , xm, xm+1) extends an atomic m-types(x1, . . . , xm) if s ⊆ t, or equivalently, if t |= s.

Definition 7.6. Let s(x1, . . . , xm) and t(x1, . . . , xm, xm+1) be atomictypes such that s ⊆ t. We define the extension axiom σs,t by

σs,t := ∀x1 · · · ∀xm(s(x)→ ∃xm+1t(x, xm+1)).

Furthermore, we let T be the set of all extension axioms together withthe graph axioms.

The proof of the zero-one law for FO relies on the following prop-erties of the extension axioms and the set T:

(1) µ(σs,t) = 1 for all σs,t ∈ T.

111

7 Zero-one laws

(2) T is ω-categorical, i.e. there is, up to isomorphism, only one count-able model of T. This structure is known as the Rado graph.

(3) T is complete, i.e. for all ψ ∈ FO either T |= ψ or T |= ¬ψ.

We proceed to establish these three properties.

Lemma 7.7. Let σs,t ∈ T be an extension axiom. Then µ(σs,t) = 1.

Proof. Let σs,t := ∀x1 · · · ∀xm(s(x) → ∃xm+1t(x, xm+1)). For everyi = 1, . . . , m we have t |= Exixm+1 or t |= ¬Exixm+1. Let G ∈ Gn

be a random graph and a1, . . . , am ∈ 0, . . . , n − 1. For every fixedam+1 ∈ V \ a1, . . . , am, the experiments G |= Eaiam+1 are stochasti-cally independent and have probability 1

2 . Hence

Pr[G |= t(a, am+1)|G |= s(a)] =1

2m .

Thus, probability that no element am+1 ∈ V \ a1, . . . , am extends arealisation a of s to a realisation of (a, am+1) of t is (1− 1

2m )n−m. Inconclusion, we obtain

µn(¬σs,t) = µn(∃x1 · · · ∃xn(s(x) ∧ ∀xm+1¬t(x, xm+1)))

≤ nm · (1− 12m )n−m exp. fast−→ 0,

and thus µ(σs,t) = 1. q.e.d.

The compactness theorem implies that also every logical conse-quence of the extensions axioms almost surely holds in a random graph.

Corollary 7.8. If T |= ψ then µ(ψ) = 1, and the set T is satisfiable.

Proof. If T |= ψ, then by the compactness theorem there is a finiteset T0 ⊆ T such that T0 |= ψ. Hence, we have µn(ψ) ≥ ∏σ∈T0

µn(σ)

for all n ≥ 1 and thus limn→∞(ψ) = 1 by Lemma 7.7. In particularT |= ∀x(x = x) since µ(∀x(x = x)) = 0. q.e.d.

Interestingly, one can give explicit description of models of T andwe present two different possibilities here. However, as we show laterthat T is ω-categorical, these models are isomorphic.

112


Definition 7.9 (Rado graph). The following graphs are models of T.

(1) Let pi denote the i-th prime number. We define G = (N, E) with

E := (i, j) ∈N×N : pi | j or pj | i.

We claim that G |= T. To see this, we choose an arbitrary extensionaxiom σs,t := ∀x1 · · · ∀xm(s(x)→ ∃xm+1t(x, xm+1)) ∈ T.Let I ·∪ J = 1, . . . , m be the partition defined by t with respect tothe following condition

• If t |= Exixm+1 then i ∈ I, and• if t |= ¬Exixm+1 then i ∈ J.

Let a1, . . . , ak ∈ A such that G |= s(a1, . . . , ak). We set am+1 :=

∏i∈I pai q where q is a prime number with q > pa1 · · · pam . Then itis easy to check that G |= Eaiam+1 for all i ∈ I and G |= ¬Eajam+1

for all j ∈ J.(2) The set HF of heriditarily finite sets is defined by:

• ∅ ∈ HF• If a1, . . . , ak ∈ HF, then also a1, . . . , ak ∈ HF.

Let G = (HF, E) with E := (a, b) : a ∈ b or b ∈ a. Similarly asabove, one can show that G |= T.

Theorem 7.10. Let G = (VG, EG) and H = (VH , EH) be two countablemodels of T. Then G ∼= H. The unique countable model of T is knownas the Rado graph R.

Proof. First of all, it is clear that T has no finite models, hence G andH are infinite graphs. We fix two enumerations of VG and VH andinductively construct a sequence of partial isomorphism p0, p1, p2, . . .between G and H such that p0 ⊆ p1 ⊆ p2 ⊆ · · · . For the base case,we set p0 := ∅. For the induction step let pi = (a1, b1), . . . , (ai, bi) ∈Loc(G, H) be already defined. We distinguish between the followingtwo cases:

• If i is even, choose ai+1 ∈ VG to be the minimal element (withrespect to the enumeration of VG) which is not in the domainof pi, i.e. ai+1 ∈ a1, . . . , ai. Let s := tG(a1, . . . , ai) and t :=

113

7 Zero-one laws

tG(a1, . . . , ai+1). Since pi is a partial isomorphism we know thatH |= s(b1, . . . , bi). Since H |= σs,t there exists an element bi+1 ∈ VH

such that H |= t(b1, . . . , bi+1). We set pi+1 := pi ∪ (ai+1, bi+1)and obtain a partial isomorphism extending pi.

• If i is odd, we proceed analogously, but this time we let bi+1 ∈ VH

be the minimal element (with respect to the enumeration of VH)which is not in the image of pi, i.e. bi+1 ∈ b1, . . . , bi. Fors := tH(b1, . . . , bi) and t := tH(b1, . . . , bi+1), the same reasoning asabove yields an element ai+1 ∈ VG such that G |= t(a1, . . . , ai+1.Again we obtain an extended partial isomorphism by settingpi+1 := pi ∪ (ai+1, bi+1).

Finally we let p :=⋃

i≥0 pi. By construction we have that dom(p) = VG

and im(p) = VH , hence p : G ∼−→ H. q.e.d.

In particular, ω-categorical theories are complete:

Theorem 7.11. T axiomatises a complete theory, i.e. for all sentencesψ ∈ FO(E) we have T |= ψ or T |= ¬ψ.

Proof. Assume for some sentence ψ ∈ FO(E) it holds that T |= ψ

and T |= ¬ψ. Then by the downwards Löwenheim-Skolem theorem,there exist two countable graphs G and H with G |= T ∪ ψ andH |= T ∪ ¬ψ. In particular this implies G ∼= H, which contradictsTheorem 7.10. q.e.d.

Theorem 7.12. [Glebskiı et al., R. Fagin] For all ψ ∈ FO(E) it holds:

µ(ψ) = 0 or µ(ψ) = 1.

Proof. If T |= ψ, then µ(ψ) = 1. Otherwise, T |= ¬ψ, and henceµ(ψ) = 1− µ(¬ψ) = 0. q.e.d.

In particular, we can give a precise characterisation of those first-order properties which hold almost surely in random graphs.

Corollary 7.13. Let ψ ∈ FO(E). Then

µ(ψ) = 1 iff T |= ψ iff R |= ψ.

114

7.3 Generalised zero-one laws

7.2.1 Applications

We can use Theorem 7.12 to show that certain classes of graphs arenot definable in first-order logic: if a class K of graphs has undefinedasymptotic probability or an asymptotic probability different from 0 and1, then clearly K cannot be defined in first-order logic. More generally,this method yields non-definability of K for every logic that has a 0-1-law,e.g. for Lω

∞ω as we see later. For instance, consider the class EvenV =

G = (V, E) : |V| is even with undefined asymptotic probability orthe class EvenE = G = (V, E) : |E| is even with µ(EvenE) = 1

2 .Moreover, we can use our results as a convenient method to determinethe asymptotic probability for many natural classes of graphs.

(1) We want to determine µ(Con) where Con denotes the class ofconnected graphs. Let s be an atomic 2-type in variables x, ycontaining ¬Exy and let t be the atomic 3-type in variables x, y, zwhich extends s and contains Exz ∧ Eyz. Then G |= σs,t iff G hasdiameter at most 2. Hence, G |= σs,t implies G ∈ Con, whichmeans that µ(Con) = 1.

(2) Let K be any class of graphs which exclude a forbidden sub-graph H = (v1, . . . , vk, E). Then µ(K) = 0. To see this, we setsi(x1, . . . , xi) := tH(v1, . . . , vi) for i ≤ k and consider the extensionaxioms σsisi+1 . Then clearly ψ :=

∧i<k σsisi+1 is a logical conse-

quence of T, which means that µ(ψ) = 1. Moreover, if G |= ψ,then G contains H as an induced subgraph. We conclude thatµ(K) ≤ 1− µ(ψ) = 0. As an application, consider the class ofplanar graphs which exclude K5 (the complete graph on 5 vertices)and the class of k-colourable graphs which exclude Kk+1 (where kis fixed). To put it in words, a random graph is almost never planarnor k-colourable.


In this section we want to generalise our considerations in two differentways. Firstly, instead of restricting ourselves to graphs, we want towork on more general classes of structures and analyse whether the

115

7 Zero-one laws

zero-one-law for FO still holds. Secondly, as FO has rather limitedexpressive power, we look for zero-one laws for more powerful logicsas well.

Let τ be an arbitrary vocabulary (not necessarily relational).By Strn(τ) we denote the set of all τ-structures over the universe0, . . . , n − 1. As before we define a sequence µ = (µ1, µ2, . . . ) ofuniform probability distributions µn : Strn(τ) → [0, 1], i.e. for everyA ∈ Strn(τ) we set

µn(A) =1

|Strn(τ)|.

We claim that FO(τ) has a zero-one law if, and only if, τ containsno function symbols. To this end, we first consider the case where τ

contains function symbols:

(1) Assume P, c ⊆ τ where c is a constant symbol and P a monadicrelation. Then for ψ := Pc we have µn(ψ) =

12 for all n ≥ 1, hence

µ(ψ) = 12 , i.e. the zero-one law does hold in this case.

(2) Assume f ∈ τ where f is a unary function symbol. Consider theFO(τ)-sentence ψ := ∃x( f x = x) stating that f has a fixed point.For n ≥ 1 we have

µn(ψ) = 1−n−1

∏i=0

(n− 1

n

)︸︷︷︸=Pr[ f (i) =i]

= 1−(

1− 1n

)n.

Since(

1− 1n

)n−→ e−1 for n→ ∞, the zero-one law does not hold

in this case either.

For the other direction, let τ be purely relational, τ = R1, . . . , Rk.The proof strategy we used over graphs generalises for this general in astraightforward way:

• An atomic τ-type in k variables is a maximal, consistent set of τ-literals over variables x1, . . . , xk. For a τ-structure A and a ∈ A weset tA(a) = ϕ(x) : ϕ a τ-literal with A |= ϕ(a).

• The τ-extension axiom σs,t for two atomic τ-types s and t (in k and

116


k + 1 variables, respectively) with s ⊆ t is defined as

σs,t := ∀x(s(x)→ ∃xk+1t(x, xk+1)).

As before, we let T denote the set of all τ-extension axioms

• Again we can show that µ(σs,t) = 1 for all σs,t ∈ T. Let r denotethe number of literals in t which contain xm+1. Then, for a randomstructure A ∈ Strn(τ), a ∈ A and am+1 it holds

Pr[A |= t(a, am+1) |A |= s(a)] = 2−r.

Thus

µn(¬σs,t) = µn(∃x(s(x) ∧ ∀xm+1¬t(x, xm+1)))

≤ nm(1− 2−r)n−m exp. fast−→ 0.

• T is ω-categorical: analogously!

Our analysis raises the question why even basic functions but notarbitrary relations inhibit a zero-one law. The reason is that atomicexperiments are not longer stochastically independent. For instance,consider the experiments f (a) = b and f (a) = c (for b = c), thenPr[ f (a) = c | f (a) = b] = 0 = Pr[ f (a) = c].

7.3.1 Zero-one law for Lω∞ω

We proceed to show that the zero-one law holds for Lω∞ω as well (re-

stricted to relational vocabularies). In particular, since LFP ≤ Lω∞ω ,

this means that a random graph either almost surely has an LFP-definable property or almost never does. With FOk we denote thek-variable fragment of FO, i.e. FOk = FO ∩ Lk

∞ω = ϕ ∈ FO :ϕ only contains variables x1, . . . , xk. If we restrict the set of extensionaxioms T to FOk we obtain finite sets of approximations of T which areagain sentences in FOk; more specifically, we set

Θk :=∧

T ∩ FOk =∧σs,t : σs,t ∈ T ∩ FOk ∈ FOk.

117

7 Zero-one laws

The central property of these approximations for T is stated in thefollowing theorem: in models of Θk, every Lk

∞ω-formula is equivalentto a simple Boolean combinations of atomic k-types. In particular, everyLk

∞ω-sentence is either true or false in all models of Θk.

Theorem 7.14. Let m ≤ k, s(x1, . . . , xm) an atomic m-type andϕ(x1, . . . , xm) ∈ Lk

∞ω . Then

either Θk |= ∀x(s(x)→ ϕ(x))

or Θk |= ∀x(s(x)→ ¬ϕ(x)).

Proof. We proceed by induction on ϕ and simultaneously show theclaim for all m ≤ k and atomic types s. If ϕ is atomic, then either ϕ ∈ sor ¬ϕ ∈ s. If ϕ = ¬ψ, the claim directly follows.

Let ϕ =∧

Ψ, Ψ ⊆ Lk∞ω . By induction hypothesis for all ψ ∈ Ψ

either Θk |= ∀x(s(x)→ ψ(x))

or Θk |= ∀x(s(x)→ ¬ψ(x)).

If Θk |= ∀x(s(x)→ ψ(x)) for all ψ ∈ Ψ, then Θk |= ∀x(s(x)→ ∧Ψ(x)).

Otherwise, Θk |= ∀x(s(x)→ ¬∧Ψ(x)).

Let ϕ(x) = ∃yψ(x, y) and assume that Θk |= ∀x(s(x) → ¬ϕ(x)).Choose a structure A |= Θk with A |= ∃x(s(x)∧∃yψ(x, y)) and considerthe following two cases

• If y ∈ x1, . . . , xm, i.e. y ∈ xm+1, . . . , xk; let a1, . . . , am, b ∈A such that A |= s(a) ∧ ψ(a, b). We define the atomic typet(x1, . . . , xm, y) := tA(a, b) with s ⊆ t. In particular,

A |= ∃x∃y(t(x, y) ∧ ψ(x, y)).

By induction hypothesis we know that

A |= ∀x∀y(t(x, y)→ ψ(x, y)),

and since σs,t = ∀x(s(x) → ∃yt(x, y)) is an extension axiom con-

118


tained in Θk we finally obtain

A |= ∀x(s(x)→ ∃yψ(x, y)).

• If y ∈ x1, . . . , xm, i.e. y = xj for j ≤ m; let a ∈ A such thatA |= s(a) ∧ ∃xjψ(a), and let x∗ and a∗ denote the tuples x and awithout the j-th componenent, i.e.

x⋆ := x1 · · · xj−1xj+1 · · · xk

a⋆ := a1 · · · aj−1aj+1 · · · ak.

Similarly, let s⋆(x⋆) := tA(a⋆) be the atomic type of a⋆ in A. Thens⋆ ⊆ s and there is b ∈ A such that

A |= s⋆(a⋆) ∧ ψ(a

baj

), where a

baj

:= a1 · · · aj−1baj+1 · · · am.

For t⋆(x) := tA(a baj) we thus have A |= ∃(t⋆(x) ∧ ψ(x)), and the

induction hypothesis yields

Θk |= ∀x(t⋆(x)→ ψ(x)).

As above, since s⋆ ⊆ t⋆, it holds that Θk |= ∀x⋆(s⋆(x⋆)→ ∃xjt⋆(x)),and altogether we obtain

Θk |= ∀x(s(x)→ ∃xjψ(x)).

q.e.d.

Corollary 7.15. For every Lk∞ω-sentence ψ we either have Θk |= ψ or

Θk |= ¬ψ.

Corollary 7.16. If A |= Θk and B |= Θk, then A ≡Lk∞ω

B.

Corollary 7.17 (Kolaitis, Varidi 1992). For every sentence ψ ∈ Lω∞ω (over

a relational signature) we have µ(ψ) = 0 or µ(ψ) = 1.

Proof. Let ψ ∈ Lk∞ω for some k ≥ 1. Then by Corollary 7.15 we have

Θk |= ψ or Θk |= ¬ψ. Since Θk ⊆ T is finite, we have µ(Θk) = 1 andthus the claim follows. q.e.d.

119

Algorithmic Model Theory (SS 2010)

Documents

Transcript of Algorithmic Model Theory (SS 2010)